Cyber Security System Of Abc Technologies: Threats Faced And Ways To Reduce Them
Question
Task: Students are required to write an academic report as per the format outlined in chapter 5 of the textbook. The report must follow the CQU APA referencing style. See the American Psychological Association (APA) abridged guide updated Term 2 2018 available from: https://www.cqu.edu.au/student-life/services-and-facilities/referencing/cquniversity-referencingguides. Please note that the prescribed textbook uses APA referencing guidelines. See also the Referencing Style subsection below.
The report is to be based on the following cybersecurity use case for office and home systems.
With the recent progress of computer networks, growth of interconnected devices through Internet, cloud computing, big data and web services, the number of cyber threats/attacks has grown exponentially. Malware attack, phishing, man-in-the-middle attack, denial-of-service are some of the common types of cyberattacks that hit businesses every day. Therefore, cybersecurity is an essential practice for the digital age to protect systems, networks, applications, data/information and hardware from cyberattacks or unauthorised access, and to ensure the integrity, confidentiality, and availability of information. The goal is to prevent the risks to individuals and organisations such as, damage or loss of sensitive data, stolen money, theft of intellectual property, theft of personal and financial data, disruption to business
The major challenges to cybersecurity efforts are mobile connectivity, online payment, the ever increasing use of cloud and Internet of Things (IoT) devices, remote access and third-party outsourcing. These days almost every business has a website and externally exposed systems that make it easier for the attackers to enter the internal networks. Moreover, most smart devices (both at home and at work) are connected to the Internet which makes the system prone to attack. Hence, ensuring cybersecurity is an absolute must for every business and also for individuals. Common types of cybersecurity are application security, hardware security, network security, cloud security, Data Loss Prevention (DLP), Cryptography, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), Identity and Access Management (IAM), and Antivirus/anti-malware.
You are a Security Consultant of a famous security consulting company that provides security consulting services to a wide range of business, individual, education institutes and companies. Recently one of your clients, ABC Technologies (ABCT) has contacted your organisation to prepare a document on Cybersecurity as it was the recent victim of several cyberattacks.
Here are the details of your client company
ABCT is an Australian technology company whose line of business ranges from different types of high-tech products which include both software and hardware. ABCT has multiple offices nationwide, and two overseas offices. All computer services are provided by virtual private network (VPN), which is maintained in Canberra (the head office). ABCT allows their employees to work from home (using VPN connections) and also have a Bring Your Own Device (BYOD) policy for their employees who work onsite. Each location also provides free wireless LAN access to visitors/guests. ABCT currently have 10,000 regular customers. All their customer and product information are stored in the cloud. Because the company was the victim of several recent cyberattacks, they are concerned that company’s data might have been compromised and hackers might have gotten hold of customers’ information. They are also worried that they would lose the trust of their loyal customers, which could potentially result in a loss of revenue. So ABCT wants to improve their security system and security related policies. As a first step, they want your organisation to prepare a document on cybersecurity to train their staff on the basics of cybersecurity. As part of that, your team leader asked you to research and write a report that should cover the following tasks:
- Explain what is cybersecurity and why it is important for ABCT?
- Identify and explain at least 3 security vulnerabilities in ABCT’s system (you need to consider ABCT’s case as presented above). You need to justify your answer with evidence from research.
- Do some research, and find and list 5 different types of emerging threats (that might affect ABCT) and describe each of them in detail. In your discussion include what damage the attack might cause, who is responsible for these attacks and their attack techniques.
- Do some research, analyse the information and give your recommendations (at least 3) how to protect home and office from cyberattack.
You have to complete this investigation and write a report for your team leader in the next three weeks. Since this is an initial investigation, moreover, some of the staff do not have IT background, the report does not require in-depth technical details.
Answer
Executive Summary
This report focuses on the cyber security system of a company and points out the challenges in that system. The security system of the company is weak, so the company is under constant threat of attack. The report mentions all the important tools and techniques for preventing those attacks on the system.
Introduction
The main aim of this report is to point out the security challenges faced by a professional company called ABC Technologies, which produces a range of high-tech products available in both hardware and software. The company uses a VPN to provide computer services to its employees and customers. Some employees work from home while others work in the office, and both use a VPN connection. For onsite employees the company uses a different approach called BYOD (Bring Your Own Device): employees have to bring their own systems to the office to work on, and the company does not provide any devices of its own. The headquarters of the company is situated in Canberra, and any guests or visitors are provided with a wireless LAN internet connection (Cherdantseva et al. 2016).
The regular customer base of the company is around 10000 users, and the company uses cloud storage to hold all the personal information of its customers as well as information about the products it sells. The company has suffered some cyber-attacks recently and fears that the personal information of its customers is at risk, so it needs to make changes to the security structure of its network. If the company doesn't apply a strict cyber security system to its network, all the valuable information of the customers will be stolen, and the company will lose its customer base, which will be very harmful to its future and revenue (Zhang, Cho & Shieh 2015).
The Importance of Cyber Security in an Organization
All over the world, people are more involved in the cyber world than in the real world. Almost everyone owns a device with an internet connection and frequently uses social media platforms and other apps to stay connected. The cyber world has taken over almost every part of what we do and is constantly growing, and along with that growth it provides job and earning opportunities to people around the world. So, when the whole world is online, why should companies and organizations lag behind? Every business organization, whether big or small, is involved in it in some way and is reaping the benefits of the internet. The internet offers an abundance of resources to promote and grow a company, and the services it provides are very useful for the company and its growth (Chesla 2017).
Alongside the uses of the internet mentioned above, there is another side to the story: the dangers of using it. Any company or individual that uses the internet is prone to cyber-attacks and threats that can cause a lot of damage. This is where the cyber security system comes into play. Cybersecurity is the aspect of the cyber world that protects users from attacks that can cause a great deal of damage to any organization or individual. This report describes the security measures that ABC Technologies should take. The company has recently been attacked, and its management needs a solution or a proper security framework to make sure that the important data in the company's database is not compromised. A cyber security system is very important for an organization because it secures the organization's network and prevents attacks from happening and causing damage to the network system. The flaws in the security of ABC Technologies are described in this report, together with a proper solution.
ABC Technology Network Security Vulnerabilities
If a company provides an internet connection or a network for its employees and guests, it is important for the organization to make sure that the security of that network is up to the mark. Network security is important for any organization because the database of a business organization contains a lot of useful and sensitive data about the company, its products and, most importantly, the personal information of the company's customers (Todd, Koster & Wong 2016).
Without proper security, the company network and its data are vulnerable to several types of attack. The most common network vulnerabilities are described in this section. Some vulnerabilities arise from company policies and culture, which is why it is important for the company to know which policies can hinder its security system and damage the network instead of being beneficial. Some of the vulnerabilities in the company are mentioned below:
The Usage of VPN Network
Using a VPN to access the network is important because any data that is stored by the VPN in the database of the company is encrypted and is very difficult for an outside attacker to trace. The VPN is nevertheless listed as a vulnerability because, if the VPN is free of cost and does not come from a trusted source, there is a greater chance that the VPN provider can itself use the information stored in the company's database for its own purposes. So before using a VPN, the company should make sure that it is a reliable one and that the stored data will not be manipulated or stolen (Abomhara, 2015).
Wireless LAN Access for the Guests
ABC Technologies provides free LAN access to all guests and visitors. To provide this access, a separate guest account is used, which all visitors can log in to in order to reach the free web. The company should make sure that this guest account in no way works as a gateway to the company's private network. Proper cyber security policies should be applied to the guest account, as it is vulnerable to attacks from the users logging in to it. A poorly secured wireless LAN is very vulnerable to cyber-attacks, so it is important to apply proper security measures so that the data of the organization is not compromised (Burg, Chattopadhyay & Lam 2017).
Storing Important Information in the Cloud Storage
With its launch, cloud storage became one of the most commonly used methods of storing data and information for individuals as well as organizations. Cloud storage is a better and less costly way to store data than external storage devices: it doesn't cost much to store any type of data in the cloud, and hence it is preferred by everyone these days. However, it is also important to know that cloud storage has many security issues and is very vulnerable to external attacks or threats. The best way to protect data in cloud storage is to encrypt it; encrypted data is harder to decipher and so has less chance of being manipulated and stolen. ABC Technologies uses cloud storage to hold all the important information about its customers and products, and this data is not encrypted. So, the cyber security system protecting the company's cloud storage is very weak and needs to be upgraded to secure the personal information of the users and the company (Samarati et al. 2016).
Emerging Threats and Attacks to the ABCT Security System
Along with all the facilities and the ease of doing business that the cyber world provides, many threats and possible attacks reside on its other side. Every business organization that enters the online world is highly exposed to attacks and threats from cyber hackers and criminals. Whether it is an individual or a business organization, big or small, it is subject to attack, and if proper cyber security measures are not taken, the attacks can cause a lot of damage, especially to the personal data stored in the database. Every piece of information that attackers can obtain from an individual or an organization is valuable to them and can be used and abused in several unimaginable ways (Downer & Bhattacharya 2015).
The emerging threats that ABC Technologies can face because of its weak security system and company policies are described below:
Employee’s Lack of Cyber Security System Knowledge
The biggest threat to the cyber network of any organization or individual is little or no knowledge of the cyber world and of the security needed to safeguard the network. It is very important for the person in charge of network security to have a deep understanding of the subject and of the security issues that can harm a system. Many security threats can be avoided if employees have proper knowledge of the basic types of threat and how they spread into a network. Phishing is the one method that the employees in charge need to know about: any employee should be able to detect a phishing page or email and prevent a further attack by not engaging with it in any way (Burg, Chattopadhyay & Lam 2017).
Spear Phishing and Phishing Techniques
Phishing remains the most used form of cyber-attack because it is the easiest to carry out and low in cost. Almost anyone can perform a phishing attack by preparing a phishing page and collecting details such as passwords and other important information from a user or an organization. In the phishing technique, the attacker creates a fake page or email, which is then published or sent within a network. People who have little knowledge of this issue cannot recognise it as a fake because of its similarity to the genuine page, and they fall prey to it. The users then enter their essential information, such as a password or even credit card details, which is stored by the attacker and can then be used for criminal activities (Magdalin 2015).
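To make the "similarity to the genuine page" concrete for staff training, the following added example (not part of the original report) checks the links in a message against the organisation's real domain and flags look-alikes. The domain `abctechnologies.example`, the sample message and all function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the organisation's real domain (constructed placeholder value).
TRUSTED = {"abctechnologies.example"}

# Character swaps often used to make a fake domain resemble the real one.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def skeleton(name):
    """Map visually confusable characters to one canonical form."""
    name = name.lower()
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a full URL."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        user = (parts.username or "").lower()
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Only the real domain or one of its subdomains counts as trusted.
    if any(host == good or host.endswith("." + good) for good in trusted):
        return "trusted"
    for good in trusted:
        if good in user:  # real name placed before "@"; the host is elsewhere
            return "lookalike"
        if host.startswith(good + ".") or "." + good + "." in host:
            return "lookalike"  # real name used as a label of another domain
        if edit_distance(skeleton(host), skeleton(good)) <= 1:
            return "lookalike"  # homoglyph swap or one-character typo
    return "unknown"


def flag_links(text, trusted=TRUSTED):
    """List (url, verdict) for every link in text that is not trusted."""
    flagged = []
    for url in URL_RE.findall(text):
        verdict = classify_link(url, trusted)
        if verdict != "trusted":
            flagged.append((url, verdict))
    return flagged


# Constructed sample message for the demonstration.
SAMPLE_EMAIL = """Your VPN password expires today.
Reset it here: https://abctechno1ogies.example/vpn/reset
or via https://abctechnologies.example.secure-login.test/reset
Staff handbook: https://intranet.abctechnologies.example/handbook
"""

if __name__ == "__main__":
    for url, verdict in flag_links(SAMPLE_EMAIL):
        print(verdict, url)
```

An "unknown" verdict only means the link is unrelated to the trusted domain; it is not a statement that the destination is safe.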
Malware or Virus Attacks
Malware is the most commonly known threat to any system or network. It usually comes attached to software that is downloaded online and then spreads from the infected system to the network. The malware attacks the network, causes various problems in its operation, and can also be used to steal the critical information of an organization or individual (Lipton, Ostrovsky & Zikas 2015).
Internal Attacks
These are the most common forms of attack that any organization can face, and no cyber security system option can prevent them; instead, the owner of the organization has to be cautious about its employees. An internal attack is made mostly by those who work in the organization and who knowingly or unknowingly create a threat to the company and its network system. These threats should not be neglected, and a keen eye should be kept on those who are in a position to perform these types of attacks (Aziz, Lai & Manni 2015).
BYOD Policy of ABC Technology
ABC Technology has a strict BYOD policy, which means every employee of the company is supposed to bring their own device to work. This policy is good for the company, as it reduces investment costs and makes it more comfortable for employees to work. However, the policy carries a severe threat: users who bring their own devices can endanger the company's network in various ways. A user can unknowingly spread a virus from their system to the whole company network and can also leak important information out of the company (Vignesh & Asha 2015).
Protection from the Cyber Attacks in a Network
Anyone who uses the internet is prone to cyber-attacks, and without proper security knowledge and tools it is difficult to get rid of them. This section explains how to protect a network or system from cyber-attacks and how to keep doing so over time (Almorsy, Grundy & Müller 2016). The attacks are getting bigger and scarier with time, so the techniques used to counter them should be updated regularly. Some of the ways to protect the system from attacks are mentioned below:
Using Antivirus and Antimalware Tools
As mentioned above, malware is the most common attack that can weaken the network system of any organization. To get rid of malware and viruses, it is essential to use the antivirus software available on the internet or in the market. The person using the antivirus should make sure that it is regularly updated so that it can prevent attacks by the most recent malware and viruses (Abomhara 2015).
Educating the Employees
As mentioned above, one of the reasons for cyber-attacks is the lack of knowledge among the employees of an organization. To prevent these problems, training workshops should be conducted regularly in which employees are taught about the types of attack the system could encounter and how to recognize phishing pages and attacks.
Regularly Changing the Password
Everyone should be in the habit of regularly changing the password of any network or profile that they use. Doing this eliminates the risk of the password getting stolen, and this can prevent phishing attacks. Even if an attacker has access to the password of an organization's network or database, regularly changing it can prevent the attacker from making any changes to it (Yaqoob et al. 2017).
Conclusion
This report focuses on the security system of a technology company which provides high tech products that include both hardware and software products. Due to some recent attacks, the company wants to make some changes in its security system. The introduction gives an insight into the company and its environment and how the company is vulnerable to the attacks on its network. The various threats and vulnerabilities to the security system of the company are mentioned in the report in detail.
Some of the company's policies, such as BYOD and the use of the VPN and of the cloud for storage, are important and very useful for the company but at the same time prove very harmful from a security point of view. How better security policies can be adopted and implemented in the system is also covered in this report. Because many threats are emerging on the internet day to day, the company needs to keep up with the latest techniques to keep a firm hold on its security. The personal data of the customers and the company is to be protected at any cost, and all the possible measures that can be used to protect it are mentioned in this report.
Recommendation
The report describes the company and the working of its cyber security system, and how the company can improve by using various tools and techniques. The most significant way to eliminate most of the security issues is to educate and train the company's employees about the types of attack and their nature. Another recommendation is that the company should make some changes to its policy, or perhaps adopt strict measures such as restricting the use of the network to office work only.
Regular use of updated antivirus techniques and tools is essential for the working of any organization. Employees should make sure that their devices are virus free before connecting them to the office network, to prevent the spread of a virus and its possible attacks.
References
Abomhara, M. (2015). Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility, 4(1), 65-88.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
Aziz, A., Lai, W. L., & Manni, J. (2015). U.S. Patent No. 9,071,638. Washington, DC: U.S. Patent and Trademark Office.
Burg, A., Chattopadhyay, A., & Lam, K. Y. (2017). Wireless communication and security issues for cyber–physical systems and the Internet-of-Things. Proceedings of the IEEE, 106(1), 38-60.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & security, 56, 1-27.
Chesla, A. (2017). U.S. Patent No. 9,565,204. Washington, DC: U.S. Patent and Trademark Office.
Downer, K., & Bhattacharya, M. (2015, December). BYOD security: A new business challenge. In 2015 IEEE International Conference on Smart City/SocialCom/SustainCom (SmartCity) (pp. 1128-1133). IEEE.
Magdalin, V. (2015). U.S. Patent No. 8,990,933. Washington, DC: U.S. Patent and Trademark Office.
Samarati, P., di Vimercati, S. D. C., Murugesan, S., & Bojanova, I. (2016). Cloud security: Issues and concerns. Encyclopedia on cloud computing, 1-14.
Todd, M., Koster, S. R., & Wong, P. C. M. (2016). U.S. Patent No. 9,264,441. Washington, DC: U.S. Patent and Trademark Office.
Vignesh, U., & Asha, S. (2015). Modifying security policies towards BYOD. Procedia Computer Science, 50, 511-516.
Yaqoob, I., Ahmed, E., ur Rehman, M. H., Ahmed, A. I. A., Al-garadi, M. A., Imran, M., & Guizani, M. (2017). The rise of ransomware and emerging security challenges in the Internet of Things. Computer Networks, 129, 444-458.
Zhang, Z. K., Cho, M. C. Y., & Shieh, S. (2015, April). Emerging security threats and countermeasures in IoT. In Proceedings of the 10th ACM symposium on information, computer and communications security (pp. 1-6). ACM.