Cybersecurity Issues at JK Company

Verified

Added on  2022/12/30

|11
|3067
|80
AI Summary
This document discusses the cybersecurity issues faced by JK Company, including phishing attacks, ransomware, malware attacks, software supply chain attacks, and data theft. It provides an overview of each issue and proposes solutions to address them. The document emphasizes the importance of data confidentiality, integrity, and availability in the company.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: CYBER SECURITY ISSUES 1
Cybersecurity issues
Name:
Institution:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
CYBER SECURITY ISSUES
2
Cybersecurity issues
Overview
JK is an accounting company which is located in Perth Western Australia. The company has
employed five employees who are computer illiterate and in addition, the company is expecting
to increase the number of employees to be more than 10. And over the past two years, a 17 years
old boss niece was responsible for all the computer issues and networks in the company. Since
then JK has advanced into online marketing and now are sending confidential documents to their
customers through online services. And recently the JK employees experience the slow operation
in the computer and the malware is always displayed on the computer any time the computer is
connected to the internet (Aldawood, & Skinner,2019).
The current networking of JK company is consists of the standard operating environment (SOE)
which consists of Windows 10 laptops and all of the laptops are currently update using current
Microsoft. And in addition, all the laptops lack security software. The access to the internet in
the company is through ADSL by using D-link DSL -2740B wireless router. AQNap Ts-412
NAS is used as a backup worked station for data using WinSCP. The user name and passwords
for the admin is very weak since its username is admin and password also is admin. Moreover, a
window 2000 server was formerly operation in the organization but now it’s not functioning
(Jokar, Arianpoo, & Leung, 2016). Also, all the employees have been receiving the spam
messages daily and the employees can access each other email account and confidential data
send via email is not well secured. At the JK company employees have no idea about the policies
and rules guiding the employees and also how to handle the security issues in the company this is
shown when one of the employees found the USB flash in the car and used in the computers
(Thomas, Zand, Barrett, Ranieri, Invernizzi,& Margolis,2017)
Document Page
CYBER SECURITY ISSUES
3
The current situation at JK now is that the employees believe the everything concerning the
security issues is in place. But currently, the manager has realized there are security issues which
should be addressed in order to enhance the well running of the JK Company. Below is a table
that clearly shows five cybersecurity issues experience at JK Company.
Cybersecurity issue Explanation
Phishing attack A phishing attack is one of the social engineering attacks which are
created by intruders in order to gain access to logins of the user in the
company and also various credentials. By using the credentials sent by
intruders or clicking the links and hyperlinks and replying the phishing
emails will cost a company a lot since the company's information will be
directed to the source which is malicious.
The following security issue should be addressed as soon as possible so
that data confidentiality is enhancing the company. Confidentiality is
referred to as a situation where data and information are protected from
being access by unauthorized users (Randall, & Kroll, 2016). Thus only
people who are authorized to do so, are only allowed to get access to
sensitive data. For instance, at JK Company there is no confidentiality
since the employees in the company share their email accounts. Also,
confidential data and information are stored in the email without using
any encryption techniques. And if the company failed to act upon the case
of confidentiality then a lot of data will get lost due to that every
individual can access the data. Lack of maintaining confidentially of data
means that anyone can access to a given data via accident or intention-
behavior and this breach of data can reveal the company information and
it cannot be unrevealed once it entered into hands of an unauthorized
individual, thus the company should address the rising issues as soon as
possible.
To address these issues in the company is a big challenge and the
company should do this by creating cyber awareness program which will
assist the employees in identifying any phishing attack so that their
confidential information is secured. In addition, the company can do cyber
threat assessment; this will assess the company to see if their employees
within the company are familiarized with phishing attack tactics (Kshetri,
2017).
Below are graphs showing security awareness for phishing attacks.
Document Page
CYBER SECURITY ISSUES
4
Alternative: The give solution to this phishing attack is better for the
alternative because the alternative one will have to employ the expert
individual in the organization who will be responsible for monitoring the
system. In this case, the company will require skill personal which will
cause the company a lot in terms of cost.
Cost: The cost of solving this issue will be $ 1.3 million. Phishing and
social engineering will cost 0.9Million, training of employees will cost 0.4
Million (Hong, 2012).
Ransomware This cybersecurity is bringing a great challenge to JK company and it
needs more attention. The ransomware has the capacity to cause a
complete loss of the data and information in the company; this is because
it attacks the secured database systems and encrypted data and as results,
they corrupt or delete the data. This cybersecurity should be address
immediately so that possible so that it can enhance the company data
integrity. Integrity is the process of ensuring the information authenticity,
at JK Company (Abomhara, 2015). if integrity is enhanced then the data
in the company will not be altered and the source of the information in the
company will be genuine. In addition, the data integrity will reduce the
leaking of data due to that the company now is operating on the online
services. If the JK Company fails to enhance integrity then the attackers
may navigate into their website and they can be altered with their services
specifically the attackers may change various operations of the company
or they may delete their files. Also, the immediate solution for
cybersecurity is needed so that it can protect the company from any
malicious attack which includes the cases where the attackers can
redirects the company traffics to a different website. Also to get rid of a
lot of spam messages received by the employees each day, then these

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
CYBER SECURITY ISSUES
5
issues should be addressed as soon as possible thus making the company
data to be at the safe side (Sadeghi, Wachsmann,& Waidner, 2015).
The issues will be addressed by utilizing cryptography methods to protect
the data in the email. The laptop security will be enhanced through the use
of antivirus software which includes the AVAST, this security software
must be installed in every laptop and should be updated frequently. Since
the company uses various operating systems and web browsers then the
operating system should be frequently updated to fits the company needs
and also sensitive data from email should not exposure. Lastly, rules and
regulation should be established that should guide employees on keeping
the companies privacy, for instance, the law should be set that requires
every employee to set a strong password in the emails and also they
should avoid sharing the emails. Below is a graph the explain how
Ransomware will be detected and protected.
Alternative: There is no other alternative which will be better than
utilizing the cryptographic method to protect the data and downloading of
antivirus to secure the laptop in the company. Also, the solution is better
since it will guide employees to adhere to company privacy since various
laws and policies have been set up.
Cost: The cost of solving these issues is 1.5million. 0.6million will be
used for encryption of the data, 0.7 will be used in installing and
monitoring of some anti-virus software and 0.2 million will be used in
drafting the laws and policies in the company (No, & Vasarhelyi,2017).
Document Page
CYBER SECURITY ISSUES
6
Malware attack A malware attack is a type of cyber-attack issue in which unusual activity
may take place in the computer without being realized on time. At JK
company the malware will be greatly experienced since the employees are
computer illiterates and they can share their information with the intruders
without knowing. The reasons why these cybersecurity issues should be
addressed in time is because all the laptops in the company lack security
software such as anti-virus and firewalls. And if this is not settled on the
time it will make the JK company to seriously be vulnerable to the
malware, which the data and the information in the company will not be
secured as intruders can get access to data and information. (Aldawood, &
Skinner,2019).
The proposed way of addressing these cybersecurity issues is using the
complex and secure passwords, this will reduce the case of attackers
guessing the password due to that it is simple like for the case of email
password in JK company the password is admin and username is also
admin. The second way is through installing security software such as
firewalls and antivirus at the company laptops so that when there is an
unusual activity, then the matter can be identified and solved on time.
Below pie charts shows various malware attacks in the company.
Alternative: The reasons why the solution I provided is better than the
alternative approaches is that the solution will completely solve the
current situation at the JK company concerning the lack of security
software. There is no alternative to solving a malware attack rather than
installing the security software and creating a strong password.
(Abomhara, 2015). Also, the present technique and the other technique
will help to maintain the company data and running of laptops without
being altered due to the presence of a strong password. The solution we
had proposed is also better than other alternative techniques since the
proposed solution stops the spam messages which employees received
every day.
Document Page
CYBER SECURITY ISSUES
7
Cost: The cost of solving these issues is $1.0 million, 0.7 for installing
firewalls, 0.2 for installing antivirus and 0.1 million for setting passwords
by IT expert (Leukfeldt, Kleemans,& Stol, 2017).
Software supply
chain attack
This type of cybersecurity issues can occur during the updating of certain
software in the company. This cybersecurity issue is caused by various
injections and infections which cannot be noticed on time while updating
the software in the laptop (Burg, Chattopadhyay, & Lam, 2018). This
issue should be addressed as quickly as possible so that they can enhance
the availability of data and information in the company. Availability in
the company means that data and information are only accessible to
authorized users. If the software is updated without been keen it will
allow the attackers to compromise the company data.
To address the above issue the JK company should have a mechanism
which will be used in testing and monitoring updates in the laptops. They
will do this by using sandboxes which its function is to detect any unusual
behavior. In addition, another way to address the issue is through
monitoring the activities and behavior of the computer software to
identify unwanted patterns. Lastly is through detecting any unwanted
changes in the software updated process by regularly checking at the
websites package producers in the company laptop (Jokar, Arianpoo, &
Leung, 2016). Below statistics explains how the software supply chain
attack can be detected through monitoring and testing.
Alternative: The reasons why the above solution is better than other
solution is that the software update will be tested frequently so the laptop
will not get a fault or being attacked by intruders thus cost of computer
maintenance in the company will be reduced. In addition in the above
solution, the unusual pattern will be detected in the laptop when there is
unusual activity.
Cost: The cost of these issues is $ 1.2million dollars, 1.0 million will be
used in installing sandboxes and 0.2 will be used in monitoring the laptop
updates (Trautman, & Ormerod, 2016).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
CYBER SECURITY ISSUES
8
Data theft This is a cyber-security issue where one party can gain access to the data
of another party without any consent. At JK company data theft has
become a major issue which should be addressed as quickly as possible so
that the privacy of the data in the company is keeping. If the issue is
addressed on time the secrecy of the company will be kept from
competitors accessing the company (Gupta, Agrawal, & Yamaguchi,
2016). For example, employees should be trained to be keen on keeping
the company data, especially in the USB flash disk to avoid exposing
everywhere and also they will be guided no to share their emails.
To address this case of data theft in the company, then the company
should create a strong password in all the laptops and encourage every
employee to not expose their password to somebody else. Also, the
company should utilize the uses of cryptographic techniques so that their
data will always be saving (Collins, 2016). The following charts show
how data theft has affected the company.
Alternative: The solution above is better than alternative since the
solution can provide immediate feedback on the matter of solving the case
of data theft. In addition, the solution provides a reliable cryptographic
technique which can solve the data from being stolen.
Cost: The cost of solving this issue is $ 0.7 million, 0.3 million in
employees training and 0.4 in encryption of company laptop using cipher
codes (La Torre, Botes, Dumay, Rea,& Odendaal,2018)
.
Document Page
CYBER SECURITY ISSUES
9
References
Collins, A. (Ed.). (2016). Contemporary security studies. Oxford university press.
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern
cryptographic solutions for computer and cybersecurity. IGI Global.
Jokar, P., Arianpoo, N., & Leung, V. C. (2016). A survey on security issues in smart grids.
Security and Communication Networks, 9(3), 262-273.
Burg, A., Chattopadhyay, A., & Lam, K. Y. (2018). Wireless communication and security issues
for cyber-physical systems and the Internet-of-Things. Proceedings of the IEEE, 106(1),
38-60.
Abomhara, M. (2015). Cybersecurity and the internet of things: vulnerabilities, threats, intruders
and attacks. Journal of Cyber Security and Mobility, 4(1), 65-88.
Aldawood, H., & Skinner, G. (2019). Reviewing Cyber Security Social Engineering Training
and Awareness Programs—Pitfalls and Ongoing Issues. Future Internet, 11(3), 73.
Document Page
CYBER SECURITY ISSUES
10
Sadeghi, A. R., Wachsmann, C., & Waidner, M. (2015, June). Security and privacy challenges in
the industrial internet of things. In 2015 52nd ACM/EDAC/IEEE Design Automation
Conference (DAC) (pp. 1-6). IEEE.
No, W. G., & Vasarhelyi, M. A. (2017). Cybersecurity and continuous assurance. Journal of
Emerging Technologies in Accounting, 14(1), 1-12.
Randall, K. P., & Kroll, S. A. (2016). Getting Serious about Law Firm Cybersecurity. NEW
JERSEY LAWYER, 55.
Kshetri, N. (2017). Blockchain's roles in strengthening cybersecurity and protecting privacy.
Telecommunications policy, 41(10), 1027-1038.
Trautman, L. J., & Ormerod, P. C. (2016). Corporate Directors' and Officers' Cybersecurity
Standard of Care: The Yahoo Data Breach. Am. UL Rev., 66, 1231.
La Torre, M., Botes, V. L., Dumay, J., Rea, M. A., & Odendaal, E. (2018). The fall and rise of
intellectual capital accounting: new prospects from the Big Data revolution. Meditari
Accountancy Research, 26(3), 381-399.
Leukfeldt, E. R., Kleemans, E. R., & Stol, W. P. (2017). Cybercriminal networks, social ties, and
online forums: social ties versus digital ties within phishing and malware networks. The
British Journal of Criminology, 57(3), 704-722.
Thomas, K., Li, F., Zand, A., Barrett, J., Ranieri, J., Invernizzi, L., ... & Margolis, D. (2017,
October). Data breaches, phishing, or malware?: Understanding the risks of stolen
credentials. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and
Communications Security (pp. 1421-1434). ACM.
Hong, J. (2012). The state of phishing attacks. Commun. ACM, 55(1), 74-81.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
CYBER SECURITY ISSUES
11
1 out of 11
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]