Overview of Threats to Cybersecurity and Their Countermeasures
1. Introduction
Every modern organization on the face of the earth uses information and communications technology (ICT) in one way or another and depends on its information and communication capabilities to conduct its operations effectively. For some organizations, information technology is their core business and for some, it is a supporting division for core operations. Many organizations put considerable resources to be handled by software and networked systems. In developed nations, many, if not all, of the operations of a company are done through software. Hackers not only target the infrastructure of large companies but also personal computers and mobile phones used by individuals. Large companies often have an information security team and are proactive in dealing with any vulnerabilities. This leaves individuals with their personal devices exposed to threats.
Information security can be defined as the practice of safeguarding information against potential threats from adversaries. The practice of information security is the prevention or reduction of the probability of unauthorized and or illegal gaining of data, usage, publication, modification of data, removal of data, etc. The broader field of information security also includes the protection of digital as well as physical information such as papers, documents, books, folders, etc. Physical resources can be easily secured by placing physical blocks such as security checks, keys and locks, clearance levels for personnel, and other best practices. However, in the case of digital information, security is not as easy as in the previous case. In certain ways, digital information is easier than physical information to protect, but in certain other ways much more difficult to protect. For example, we can encrypt digital information with powerful encryption algorithms which will make it difficult for attackers to compromise. However, digital information is stored in networked devices that are connected to the internet where billions of users are also connected. This increases the number of potential attackers who can attack a facility.
There is no way to eliminate 100 percent of information security threats and have a perfectly safe system. Gene Spafford, the director of Computer Operations, Audit, and Security Technology (COAST) project at Purdue University has once said “The only system which is truly secure is one which is switched off and unplugged locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it” [2]. If you connect your system to the internet or any network system for that matter, it will never be perfectly safe. It will only be as safe as the security systems, and practices put in place. Knowing our system cannot be 100 percent safe should not discourage us from engaging in cybersecurity best practices. We should always strive to make the systems more secure and reliable. Even though cybersecurity cannot be perfect, it should be as close to perfect as possible.
Contents:
1. Introduction
2. Brief History of the Field of Information Security
3. Types of Information Security Threats and Mitigations
3.1 Threats and Vulnerabilities from Inside
3.1.1 Preventing Insider Threats
3.2 Malwares
3.2.1 Computer viruses
3.2.1.1 Preventing computer viruses
3.2.2 Worms
3.2.2.1 Protecting Against Computer Worms
3.2.3 Trojan Horses
3.2.3.1 Protecting against trojan horses
3.2.4 Ransomware
3.2.4.1 Protecting against ransomware
3.3 Phishing Attacks
3.3.1 Preventing Phishing Attacks
3.4 Distributed Denial-of-Service (DDoS) Attacks
3.4.1 Preventing DDoS Attacks
3.5 Man-in-the-Middle Attacks
3.5.1 Preventing MitM Attacks
3.6 Botnet
3.6.1 Preventing Botnets
3.7 Identity Theft
3.7.1 Protecting Against Identity Theft
4. Best Practices to Ensure Information Security
4.1 Data Protection
4.2 Disregarding pop ups, unsolicited emails, and unknown links
4.3 Creating and using strong passwords and encryption
4.4 Using only secure wi-fi connections
4.5 Investing in information security
4.6 Regularly install updates and security patches
4.7 Ensuring trust and healthy communication between security team and other employees
5. Conclusion
6. References2. Brief History of the Field of Information Security
Historically, the need for information security first arose during military and diplomatic communications. There was always a constant threat of other nations and players wanting to access confidential military information which can be the difference between victory and defeat in a military confrontation. It was imperative for kingdoms to protect their data during transmission. A known early attempt at protecting information against potential threats was Caesar cipher that was developed around 50 B.C [3]. The alphabet is shifted by a fixed number of letters and the text is written with the shifted letters. In early times, information security was mainly maintained through physical and procedural controls rather than sophisticated encryption techniques.
In the times when postal service was developed and expanded, the governments started developing facilities to intercept and access letters and messages between suspected individuals or organizations. The United Kingdom formed the Secret Office in 1653 to intercept letters and gather intelligence [4]. During the first and the second world war the need for secure communication was imperative and one of the topmost priorities for every country involved in the war. Encryption and encoding became well-established fields with great minds and resources put to work. Communication was made a separate division within militaries and highly educated officers were assigned instead of military personnel for handling communication. A well-known example of this is the German enigma machine which was notoriously hard for the allied force to break. It was widely used by Nazi Germany for military communication during World War 2. It used an electromechanical rotor coupled with a keyboard to encrypt messages using a keyword [5]. The receiving party should know the keyword and the exact settings used when the message was encrypted to successfully decrypt the message. The encryption of the enigma machine was initially compromised by the Polish Cipher Bureau in 1932. Subsequently, additional encryption technologies were added by the Germans. The Ultra program of the United Kingdom was successful in decrypting the messages encrypted using the later enigma machines. It is said that these cryptanalytic efforts by the allies shortened the war by years and probably shifted the momentum away from the axis powers. The late 1900s saw rapid and unprecedented development in telecommunications and information processing technologies. Computing hardware and software capabilities grew by leaps and bounds altering the stage of information security forever.
3. Types of Information Security Threats and Mitigations
A security threat is a vindictive effort to steal, delete, or modify the data and systems of a company. The attack can be against a single facility or the entire organization. It is important for us to know the terms related to security used in organizations. If in any scenario the data or network system of an organization is left vulnerable to an attack, it is called a security event. If such an event results in an attack being carried out it is called a security incident [7]. Security threats and attacks are becoming more sophisticated and powerful by the day. Business organizations must dedicate staff and resources to protect their assets against such sophisticated attacks. In order to prepare an effective cybersecurity defense one must understand the common types of threats to information security.
3.1 Threats and Vulnerabilities from Inside
Many breaches occur because of someone who had legitimate access to the resource compromised the system through either intentional or unintentional actions. An employee or a contractor who is allowed to access the company’s system can misuse the privileges to personally benefit by selling trade secrets to competing companies [8]. A small portion of such attacks happen because of employees’ dissatisfaction with the organization. Sharing customer information through email, accessing phishing links, and even sharing official credentials with third parties can be a serious threat to information security.
Employees who don’t follow the guidelines of the organization regarding cybersecurity often cause vulnerabilities. Some employees bypass or neglect security practices to be more productive and avoid spending time doing security-related tasks. Furthermore, business partners and third-party vendors can become an insider threat.
3.1.1 Preventing Insider Threats
The organization can take many steps to avoid leaving a system vulnerable to insider threats. The employees can be provided access to only the resources and directories they need to get their work done rather than providing every employee access to the entire infrastructure. New hires and contractors can be briefed about the company’s guidelines on cybersecurity best practices and basic training to safeguard information security can be provided before allowing access to company’s IT systems. For temporary employees and contractors, temporary credentials can be provided. After the work has been completed, the access can be revoked since it will no longer be needed. Making two-factor authentication mandatory for company-related logins will minimize the risk of an employee’s account being used to compromise the system. Bundling monitoring and controlling software into the machines used by the employees for official work will ensure that the security team will have more control and power to thwart any potential attacks. The monitoring tools can be used to ensure the machines are running the latest software versions with the latest security patches, and discourage malicious activities of employees.
3.2 Malwares
Malwares are software that are intentionally designed to harm the host computer and its data. There are many different types of malwares such as trojan horses, computer viruses, ransomwares, spyware, adware, worms, and scareware. Even the software that acts against the best interest of the user without his or her knowledge can be categorized as malware. A famous example of this is when Sony tried to prevent its music compact disk users from illegally copying the content using a rootkit software. In 2005, a joint venture between Sony and BMG had a digital rights management software on their music CDs that covertly installed a rootkit software on the user’s computer [9]. This was ruled illegal by many class action lawsuits in the United States and Sony had to pay millions of dollars of compensation and replacement for its customers.
3.2.1 Computer viruses
Computer viruses are ill-intended software that can replicate itself without the consent or knowledge of the user when executed. They can modify the existing computer programs and data while inserting their illegal code into programs. When a virus is successful in infecting a computer it quickly seeks to spread to other computers linked to the original computer through network. Cybercriminals who write viruses often use social engineering or known security flaws in operating systems to infect and spread itself. Since the action of infecting and spreading is similar to a biological virus, these class of malware is named as computer viruses. Most of the existing viruses target Microsoft Windows. They often use sophisticated mechanisms to evade antivirus software. Viruses are used to gain financial profits, spread political messages, explore vulnerabilities in a software, publish the vulnerability to wide base, and even for personal amusement. Virus programs take up hard disk space, use central processing unit time, illegally access credit card information, contact numbers, emails and other credentials, bank account information, corrupt data, send unnecessary emails to contacts, track keystrokes of the user, or even brick the computer.
3.2.1.1 Preventing computer viruses
Companies and individual users must install antivirus software with malware protection on their computers to efficiently combat the threat of viruses. The virus software must be purchased if they are not free, and must be updated regularly to keep the protection up to date. This will ensure that the computers are not vulnerable to new threats. Best practices such as not downloading and installing free software available in unrecognized websites, not clicking on attachments or links in unverified emails must be followed to avoid virus infections. Advertisements, online games, and links found in unrecognized websites may infect our system with a virus. Caution must be exercised when accessing websites and links on the internet.
3.2.2 Worms
Worms are a type of malware that is designed to infect a computer then quickly replicate itself and spread over the network. Worms are very similar in action to computer viruses. However, worms generally do not have a “payload” i.e it doesn’t have code to modify existing programs and data on a computer. It only overloads the network by consuming bandwidth. Even though it sounds harmless worms can do much damage by overwhelming the network. Morris worm of 1988 is a famous example which was a seminal moment in computer security. Robert Tappan Morris wrote a worm that copies itself over the network when he was a graduate student at Cornell University [10]. This caused a network overload and affected around 6000 computers (which was 10 percent of 60,000 computers attached to the internet at that time). It resulted in an estimated financial loss between 100,000–10,000,000 USD. The creator of the worm was the first one to be convicted under the Computer Fraud and Abuse Act of 1986 in the United States.
3.2.2.1 Protecting Against Computer Worms
Computer worms generally exploit network-related operating system vulnerabilities. Most operating system vendors such as Microsoft, Apple, Ubuntu, etc. regularly release patches and security updates for their operating systems. Users need to keep their computers up to date with the latest updates to prevent potential attacks. However, if there is a known vulnerability in the system and a patch is not available there can be zero-day attacks exploiting the vulnerability. Furthermore, users can install anti-virus and anti-malware software to add to the protection. They regularly scan the system for any malicious code and check for user authentication before installing a potential worm.
Users should also be vigilant regarding opening links in emails and unknown websites. Recently, researchers have used machine learning techniques to monitor the number of scans a machine sends out and its network behavior to flag a machine as infected. Then the infected machine can be quarantined from the network and scanned for malware. Having a robust firewall will add to the protection. Furthermore, network administrators can use access control lists in routers and switches, packet-filters, service daemons with TCP wrappers, and use null route to contain and mitigate the risks posed by worms.
3.2.3 Trojan Horses
Trojan horses are malware that manages to hide their true intention from the user by hiding behind a legitimate trivial application. This usually uses social engineering to trick users. For example, a form to be filled can be sent via email, or fake ads on social platforms are used to infect the user’s computer with trojan horses. The name “trojan horse” comes from the old Greek story where a wooden Trojan horse was used by the Greeks to capture the city of Troy after many years of stalemate siege. The payload of a trojan horse can be any kind of malicious code. However, usually hackers use trojan horse to create a backdoor into the infected computer. A user may never know that his or her computer was infected by a trojan horse. The hackers will continue to exploit the backdoor to access the computer and steal confidential information such as credit card numbers, bank account details, and personal data. DarkComet is a famous remote access trojan (RAT) developed by Jean-Pierre Lesueur [11]. He was an information security programmer from France. This Trojan horse was first developed in 2008 and was widely used from 2012. It became notorious for its use during Syrian civil war to monitor activists after which the creator stopped the development entirely. It had a lot of features such as webcam capture, mic capture, remote desktop, network control functions, powering on and off computers etc.
3.2.3.1 Protecting against trojan horses
Users can use antivirus and anti-malware software to add protection against trojan horses. Well-known trojan horses have signatures that can be traced and removed by antivirus software. Antivirus software must be kept up to date. Operating system security patches must be installed regularly. Firewalls can also prevent and block unwanted connections which will thwart trojan horses. Users must also exercise caution as to not click on the links in spam emails.
3.2.4 Ransomware
When ransomware successfully infects a computer, it encrypts the user’s personal data such as files, audio, video, and pictures. Then the ransomware threatens the user to delete the files or publish the personal data publicly online unless a payment is made in favour of the cybercriminals. The payment is often demanded through difficult-to-trace cryptocurrencies such as Bitcoin. Most ransomware is sent as trojan horse payload. Some ransomware attacks do not use strong encryption, so it is possible for a computer literate person to unlock the files and access. However, some ransomware attacks use public key encryption and it is nearly impossible to unlock the files without paying the attacker. This is further compounded by many attackers forcing the victims to pay within a certain timeframe. If the time period passes the attackers threaten to delete the files. Many victims of ransomware attacks chose to pay the attackers than risking losing their valuable data. A famous example is WannaCry ransomware which infected around 300,000 computers during 2017.
3.2.4.1 Protecting against ransomware
Current antivirus offerings are not very good at detecting and eliminating ransomware attacks. Having proper backups will enable us to roll back to previous data state even if the machine is encrypted by ransomware. We can simply wipe everything and roll back. However, ransomware actively seeks and deleted backups. Hence it is advisable to have offline backups. If you have a cloud backup it is important to set the access permission to append only. Installing security patches and updates often will ensure that known system vulnerabilities are not exploited. Users also should practice cyber hygiene; not opening spam email links, network segmentation, and separating most important computers from the network. We can also use file systems such as volume shadow copy, ZFS which can protect the use data against ransomware attacks. Some operating systems like Windows 10 allows users to create controlled folders in which modifications are controlled. In addition, ransomware attacks with weak encryption can be unencrypted using known-plaintext attack.
3.3 Phishing Attacks
Phishing attacks are where users are fooled into believing an email or a website is a legitimate website and tricked into entering their personal information which is then sent to the attacker. This is a form of social engineering rather than a sophisticated attack. For example, an attacker can make a website that looks exactly like Facebook password reset page and send it from a fake email address that looks like it is from Facebook asking the user to reset their password. An unsuspecting user will follow the link and enter their original Facebook credentials which will be revealed to the attacker. Then the attacker can use the original credentials to access the facebook account of the victim. Similarly, user’s credit card details, bank account details etc can be harvested from millions of users to be used for illegal activities and theft. Following the phishing links and websites can also install additional malware on the user’s computer which can compound the effects of the attack.
3.3.1 Preventing Phishing Attacks
Preventing phishing attacks is very simple and straightforward. Users should refrain from opening links in emails that are from unknown sources. Users should also take caution to avoid accessing material and software from untrusted websites. Having good cyber hygiene and computer literacy will eliminate the risk of phishing attacks.
3.4 Distributed Denial-of-Service (DDoS) Attacks
Denial of service attacks are done by attackers using many computers to send repeated requests to a targeted server. For example, let’s say we have a website hosted on a server. The server and the software system can handle 100 requests per second at maximum. Ann attacker can use a few machines to send more than 100 requests per second to our web address which will overwhelm the resources available. This will result in our web service not being available for genuine users. In a large scale attack hundreds of thousands of computers may be coordinated. Even IOT (internet of things) devices can be used for distributed denial of service attacks [13]. Each of these devices coordinating in the attack can be referred to as bots as they act according to a script and not due to direct human interaction. This attack can be difficult to stop or prevent because each of the bots that send requests are legitimate internet entries. Their requests do not differ in any way from any other legitimate request. The only identifier can be multiple repeated requests from the same IP address. In 2018, a popular software version controlling platform GitHub was attacked by a DDoS attack of massive scale. The peak traffic was 1.35 terabits per second which is an unprecedented amount of traffic. Even Though GitHub was prepared to face attacks with sophisticated filters and massive bandwidth, still many users experienced outages due to the attack.
3.4.1 Preventing DDoS Attacks
Enterprises can take many steps that can prevent or minimize the consequences of a DDoS attack. Network administrators and system engineers should have network monitoring tools with dashboards showing network traffic and requests flowing into the system. DDoS attack can be visually identified from network traffic since it will show a sharp and unprecedented spike in influx traffic. Understanding normal traffic versus a DDoS attack traffic is crucial to begin taking steps to contain the attack. Organizations can also dedicate additional servers that offer more capacity than generally needed to act as a cushion in case of a DDoS attack. It can help serve legitimate user requests without outage. This will also buy time for network engineers to figure out how to contain the attack. We should also regularly update firewalls since they bring new methods of combating such DoS attacks. Organizations should also have a proper policy on what to do during a DDoS attack and even have drills to test the robustness of their systems.
3.5 Man-in-the-Middle Attacks
MitM attacks are when attackers eavesdrop on communication between two parties over the internet without their knowledge. Attackers can access and view the contents of packets transferred over the internet between two parties. You can imagine this attack as a criminal listening to the phone call between you and your bank agent who can steal your personal banking information and credentials. Some attackers spoof the endpoint you are actually trying to reach by mimicking the replies that you might expect from your intended endpoint. MitM attack can easily be carried out if you are connected to an unencrypted WiFi network. An attacker can connect to that wifi and spoof the endpoint you are trying to reach. A famous recent example is when intelligence officials attached to the Main Intelligence Directorate of the General Staff of the Armed forces of the Russian Federation tried to attack the Organization for the Prohibition of Chemical Weapons at Hague. The attack did not achieve its full objective but it is a notable example that shows that even state players can and will be involved in MitM attacks trying to compromise information transferred through networks.
3.5.1 Preventing MitM Attacks
Organizations can use SSL/TLS encryption protocols over their internet connections to encrypt the messages that are being transferred. Even though the attacker manages to capture some packets that are being transferred he will not be able to access the contents as they will be encrypted. HTTPS is the recommended protocol for all websites these days. Websites without HTTPS secure connection will be marked as unsafe by most internet browsers such as Chrome and Firefox which will result in reduced traffic and business for the website owner. Employees should also take precaution as to avoid using public WiFi connection for their official and even personal network requirements. Such public WiFi can be easily hacked. In situations where using public WiFi is necessary one must use Virtual Private Network (VPNs) to secure their communication over such public WiFis.
3.6 Botnet
Botnets are ensembles of networked devices that can be widely heterogenous. For example, computers, smart mobile phones, web servers, and even internet of things devices. Even the internet connected thermostats. smart bulbs etc can also be harvested for use in botnets. A single system of botnet is usually controlled by a common malware, possibly remotely from some attacker’s computer. These malware continuously search for vulnerable computers all over the internet and infects new devices. The attacker’s intent is to spread the botnet malware to as many devices as possible with as much computing power as possible. The botnet malware typically uses a small amount of computing power and network bandwidth which helps it to avoid detection by the user. Usually they remain dormant and hidden. The attacker can use the botnet from time to time for sending spam emails, click fraud and click farming efforts, and to generate huge amounts of requests for a distributed denial of service attack.
3.6.1 Preventing Botnets
Companies can take many steps to ensure that their computers and servers are not being a part of botnets. System administrators and network engineers should monitor the network traffic and computing power usage time to time to look for any suspicious behaviour. If any suspicious traffic is detected then that machine should be isolated from the company network and thoroughly scanned to find any botnet malware residing in it. The operating systems of the machines should also be kept updated. All the software and firmware in the machines should also be updated and patched for known vulnerabilities. Company technology staff must be educated and made aware of botnet and other information security threats and advised not to open spam emails or any links sent through unknown email addresses. Recently, anti botnet tools have been made available in the market. Depending on the threat level and the company financial capacity such tools can be purchased and installed in company machines.
3.7 Identity Theft
Identity theft is an illegal activity done by identity thieves where they manage to steal personal information regarding users such as credit card numbers, usernames, passwords, identification numbers, driver’s license numbers etc. Using such stolen credentials identity thieves try to impersonate someone to access secure networks. In this scenario a user with legitimate access to a secure system is compromised. So, the system cannot differentiate if the legitimate user is attempting to login or an identity thief. The compromised user may not even be aware that his or her credentials and personal details have been stolen. Until he or she is notified about previous logins or he or she becomes aware of such an illegal login the attacker can have continuous access to the systems even while allowing access for the legitimate user.
A notorious example of large scale identity theft is 2017 data breach of Equifax Inc [16]. Equifax along with Experian and TransUnion are the three biggest consumer credit reporting companies. It has personal and credit related details of over 800 million individuals. During the months of may to july of 2017 personal details of about 140 million Americans, 44 million British citizens and thousands of Canadians were stolen. It is one of the largest thefts of identities in history. Even Though the theft began in May of 2017 the company failed to notice the theft until July. The company lost around 15 percent of its market value due to the attack and had to pay around 500 million US dollars in compensation and fines related to the theft.
3.7.1 Protecting Against Identity Theft
Identity data is stolen using many different types of attacks that we discussed previously. In case of a successful attack the perpetrator gets hold of credentials that he or she can use for further identity theft attacks. Companies must make their systems secure and stable such that even though a successful attack was made somewhere else and identities have been stolen using those credentials for further attack should be difficult. Companies can enforce two factor authentication using time one time password or OTP sent through an SMS such that physical possession of the phone can be used to authenticate. Furthermore, corporate systems must have filters to flag potentially illegal login attempts in the authentication phase and alert the legitimate user regarding such logins using other channels such as emails or text messages. Such filters can use IP address, location, device type, repeated login attempts, suspicious activity after logging in etc. to identify malicious access to corporate systems.
4. Best Practices to Ensure Information Security
Companies invest a lot in ensuring that their systems and employees adhere to best practices in information security. Employees have a responsibility to help make their companies information technology infrastructure secure and protected against any vulnerabilities. Even though the entire company is following information security best practices all it takes is just one employee to click on one spam link to compromise the entire system. Therefore, it is essential that each and every employee takes information security seriously and system administrators and network engineers should ensure that the company’s system and networks are set up following best practices. The following are some important steps that companies and employees can take to ensure that their systems and data remain secure.
4.1 Data Protection
In our personal life we exercise caution by not revealing important personal information such as identification number, credit card number, etc. to unknown parties contacting us through emails and calls. We need to have the same caution when dealing with company data and trade details. Employees should not reveal company credentials, customer information and any other information related to the company to unsolicited emails and calls. Hackers can send emails from seemingly trustworthy sites. They can even compromise company’s social and other accounts and send messages asking to reveal company related information. Employees should also avoid discussing company related intellectual properties and trade secrets to third parties without prior approval.
Sometimes employees don’t realize that they are jeopardizing the safety of the company’s information security system. Just posting a photo of yourself from inside company premises can put some private information to external parties. It can be an unerased whiteboard with company secrets in your background or a computer screen with some private data. Care must be taken by every employee since information security of a company is a collective effort of all the employees not just the security team.
4.2 Disregarding pop ups, unsolicited emails, and unknown links
Many identity thefts, malware attacks, and viruses have a common beginning; it is unsolicited communication from third parties. Attackers often send malicious emails to company email addresses in hope that some employee will open it. Opening links in such emails or downloading attachments in such emails can bring down malware and viruses into your machine that will eventually go on infecting every other networked computer in your company. It cannot be stressed enough that emails from external email addresses should be viewed with caution and the security team must be contacted before opening any such emails. One must also not give out company information in a pop up form. They are also an attack of choice for hackers.
Companies can create strong filters for their corporate accounts such that spam and other unsolicited emails are not sent to the inbox of users.
4.3 Creating and using strong passwords and encryption
Attackers often try to access secure systems by exploiting weak passwords through guessing and brute force attacks. Using unique, strong, and complex passwords help thwart the majority of such attacks. Employees must refrain from using their names or common words as passwords. Companies must establish a strong password policy encouraging or enforcing the use of block and small letters mix, alphanumeric characters, special symbols, minimum length etc. Employees should also be encouraged to change their passwords after some interval. Enforcing multi-factor authentication will also increase protection. It will help secure an account even if the password has been compromised.
Using encryption along with a strong password on all company devices will make sure that the data residing in them is never compromised. Even if a thief or an attacker manages to steal and gain physical possession of a corporate device, the data cannot be accessed even through hardware manipulation if the device is encrypted. Therefore, employees, especially the ones who travel often for work, should have all their devices and media storage encrypted to protect the company data.
4.4 Using only secure wi-fi connections
Corporate wi-fi should be secure and password protected. Employees should use only company wi-fi for office work. Company networks should allow access to only registered devices to connect to the internet. Separate guest networks should be available to accomodate guests and visitors to the company. In case of allowing employees to work remotely, companies must have a virtual private network through which employees can connect to the company’s network securely.
4.5 Investing in information security
Companies, especially startups and small businesses may view information security as unimportant and something that adds additional weight to their operations. Cost is incurred for the purchase of antivirus and antimalware software, external offline backup systems, conducting regular security audits and training. However, making these investments will help companies avoid future financial loss and legal costs after a breach occurs. A breach does not only cause immediate financial loss but damages the reputation of companies. Small companies may never be able to shake off their bad image after a breach and the majority of small businesses subject to cybersecurity attack go out of business. Therefore, management and business owners must make adequate investment in information security.
4.6 Regularly install updates and security patches
The easiest step that you can take to have a huge impact in the security of corporate information technology infrastructure is to regularly install operating systems and other software updates. Security updates are also released as soon as a fix is found for vulnerabilities. This will ensure that newly discovered vulnerabilities in systems cannot be exploited to attack the corporate network. Companies can also install computer management softwares which will automatically install updates periodically. However, care must be taken as to not interfere with employee tasks as installing updates in the middle of some work or a customer call may negatively impact their productivity.
4.7 Ensuring trust and healthy communication between security team and other employees
More often than not, employees are worried about the endpoint securing software and workstation management software installed on their machines by the company. They may think that companies are tracking their online and other activities and may even record their activity and or credentials. This will create a divide between IT personnel and other employees. Sometimes it is necessary for companies to track the websites employees visit using their office computer and network as any illegal activity done through these channels may bring convictions against companies as well. Having healthy communication between employees and IT personnel where they can raise any concerns and have them answered will help reduce these divisions. Companies must also be straightforward and transparent about their security policies. The extent of surveillance and other monitoring activities done on employees computers must be fully disclosed prior to such activities. This will help the company gain employees trust and participation in increasing security measures and also act as a deterrent against any mischievous behaviour by employees by laying it bare that such activities will not go unnoticed.
5. Conclusion
Information security is an unavoidable topic that every organization has to address at one point or another. Investing time and money in building secure infrastructure will pay dividends by protecting the company’s data against millions of security threats spread over the internet. As we discussed before, the majority of small businesses that face a cyberattack go out of business as a direct result. The internet is a dangerous place strewn with threats. It is of every company’s responsibility to protect itself and their customer data. Any breach will do irreparable damage to the organizations business as well as customer confidence. Building a secure system is a team effort where every employee has to contribute.
6. References
[1] Nieles, M., Dempsey, K.L., & Pillitteri, V.Y. (2017). An Introduction to Information Security. NIST Special Publication 800–12. Revision 1
[2] Jim Vallino’s Favorite quotes and Signatures. [Online]. Available at: https://www.se.rit.edu/~jrv/personal/quotes.html (Accessed: 25 Jan. 2020)
[3] Caesar Cipher in Cryptography [Online]. Available at: https://www.geeksforgeeks.org/caesar-cipher-in-cryptography/ (Accessed: 25 Jan. 2020)
[4] Johnson, J. (1997). The Evolution of British Sigint: 1653–1939. Her Majesty’s Stationery Office. ASIN B00GYX1GX2
[5] Hern, A. (2004) How did the Enigma machine work? [Online]. Available at: https://www.theguardian.com/technology/2014/nov/14/how-did-enigma-machine-work-imitation-game (Accessed: 25 Jan. 2020)
[6] Rosencrance, L. (2019) Top 10 types of information security threats for IT teams [Online]. Available at: https://searchsecurity.techtarget.com/feature/Top-10-types-of-information-security-threats-for-IT-teams (Accessed: 25 Jan. 2020)
[7] Spacey, J. (2016). Security Event vs Security Incident [Online]. Available at: https://simplicable.com/new/security-event-vs-security-incident (Accessed: 25 Jan. 2020)
[8] A guide to insider threats in cybersecurity [Online]. Available at: https://www.redscan.com/news/a-guide-to-insider-threats-in-cyber-security/ (Accessed: 25 Jan. 2020)
[9] Brown, B. (2010). Sony BMG rootkit scandal: 5 years later [Online]. Available at: https://www.networkworld.com/article/2194292/sony-bmg-rootkit-scandal--5-years-later.html (Accessed: 30 Jan. 2020)
[10] Dressler, J. (2007). United States v. Morris. Cases and Materials on Criminal Law. St. Paul, MN: Thomson/West. ISBN 978–0–314–17719–3.
[11] McMillan, R. (2012). How the Boy Next Door Accidentally Built a Syrian Spy Tool [Online]. Available at: https://www.wired.com/2012/07/dark-comet-syrian-spy-tool/ (Accessed: 2 Feb. 2020)
[12] Lee, T.B. (2017). The WannaCry ransomware attack was temporarily halted. But it’s not over yet. [Online]. Available at: https://www.vox.com/new-money/2017/5/15/15641196/wannacry-ransomware-windows-xp (Accessed: 2 Feb. 2020)
[13] What is a DDoS Attack? [Online]. Available at: https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/ (Accessed: 3 Feb. 2020)
[14] 5 Most Famous DDoS Attacks [Online]. Available at: https://www.a10networks.com/blog/5-most-famous-ddos-attacks/(Accessed: 4 Feb. 2020)
[15] The Top 9 Cyber Security Threats That Will Ruin Your Day [Online]. Available at: https://www.thesslstore.com/blog/the-top-9-cyber-security-threats-that-will-ruin-your-day/ (Accessed: 4 Feb. 2020)
[16] Mathews, L. (2017). Equifax Data Breach Impacts 143 Million Americans [Online]. Available at: https://www.forbes.com/sites/leemathews/2017/09/07/equifax-data-breach-impacts-143-million-americans/#4b97683c356f (Accessed: 6 Feb. 2020)
[17] Grace, A. 10 cybersecurity best practices that every employee should know [Online]. Available at: https://us.norton.com/internetsecurity-how-to-cyber-security-best-practices-for-employees.html (Accessed: 8 Feb. 2020)
