This case study discusses the importance of cybersecurity for ABCT, identifies security vulnerabilities, and explores emerging attacks such as cryptojacking and IoT device threats. It provides recommendations to improve system security.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Cybersecurity Case Study of ABCT Unit Code Assessment Number Information Security Technologies Case Study of ABCT Student Name Student Number CQU Email Address Instructor Unit Coordinator 1
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Cybersecurity Case Study of ABCT Executive Summary The main aim of the report was to give ABCT a way that they can use in improving their system security and all the related policies. The organization had consulted a consultant to prepare the document with regards to the cybersecurity on how their staff can be trained the basics of cybersecurity. The report objectives were discussing cyberscecurty and why it should be important to the organization in all aspects. In addition, it was good to identify some of the security vulnerabilities that ABCT was encountering and how much can be mitigated. The investigation was based on other case scenarios with such cybersecurity issues. Some of the vulnerabilities and emerging threats that may pose a threat to ABCT were discussed such as Cryptojacking, Internet of Things (IoT) Device threats, Cross-site Scripting, Geopolitical Risks, Unpatched security vulnerabilities among others. Cybersecurity is very wide and can only be understood if all the involved parties are considered when making the decisions in all ways. Decisions made in any organization will not be achieved effectively with regards to the objectives of the staff at the operational level are not included. Every company desire is to make their customer satisfied in all aspects, build and maintain their reputation among others such as maximizing on profit. In building a good firm, security starts from within; the company should make sure that all the employees are aware of the consequences of bridging the company information to the intruders. In understanding the cybersecurity, the report has recommended some of the things that need to be done such as doing regular backups, installation of anti-malware software, training the employees on the basics of cybersecurity and documenting the cybersecurity policies among others. 2
Cybersecurity Case Study of ABCT Table of Contents Executive Summary.........................................................................................................................1 1.0 Introduction................................................................................................................................3 2.0 Cybersecurity and Its Importance..............................................................................................3 3.0 Security Vulnerabilities at ABCT..............................................................................................5 4.0 Emerging Attacks at ATCB.......................................................................................................7 4.1 Cryptojacking.........................................................................................................................7 4.2 Internet of Things (IoT) Device threats.................................................................................7 4.3 Geopolitical Risks..................................................................................................................7 4.4 Cross-site Scripting................................................................................................................8 4.5 Mobile Malware.....................................................................................................................8 5.0 Conclusions................................................................................................................................9 6.0 Recommendations......................................................................................................................9 List of References..........................................................................................................................11 3
Cybersecurity Case Study of ABCT 1.0 Introduction ABCT is one of the most known Australian technology company that deals with different kinds of highly technical products that usually includes both hardware and softwares. ABCT usually have branches national full and two other offices on the overseas. They use a virtual private network to provide all their computer services. ABCT usually allow their staff to work from their premises (through the use of the VPN Connections) they also have a BYOD ( Bring Your Device) policy for all their staff working onsite. Each given location has got a free wireless LAN that is accessed by the visitors. They currently have about 10,000 regular customers. They store the customer and products records in the cloud. In the recent scenarios, the company has been a victim of cyber-attack, the hackers and attackers may have hold of the customer information. As a company, they are so much worried about losing the regular customers loyalty and trust which may lead to them losing much revenue. The main aim of this report is to give ABCT a way that they can use in improving their system security and all the related policies. The organization has asked one as the consultant to prepare the document with regards to the cybersecurity on how their staff can be trained the basics of cybersecurity. The report objectives are discussing cyberscecurty and why it should be important to the organization in all aspects. Besides, it will be good to identify some of the security vulnerabilities that ABCT will be encountering and how much can be mitigated. Also, the report will state some and discuss some of the emerging threats that that might affect them, how they attack and which technique they use so that they would be aware of. The report will be concluded by giving recommendations based on the technique and cybersecurity threats mentioned that may harm the company in all aspects. 2.0 Cybersecurity and Its Importance. This may also be referred as the computer security, it is the protection of the systems of the computers from being attacked, theft or even the damage of the hardware, the software itself or the electronic data as well from any disruptions or misdirections with regards to the services they offer to the people. ABCT is one of the victims of cyber attacks and thus it is good to know some of the importance of the staff understanding the cybersecurity basics in all aspects. It is also known as information technology security(Segal, 2018).Ideally, this refers to the collection of technologies, processes and the practices with an intention of ensuring that the system devices, 4
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Cybersecurity Case Study of ABCT ventures and information from attack, harm any unauthorized access. Some of the importance of cybersecurity is as explained below. Ideally, the cost of recovering from an attack in any company regardless of the damage might be very costly and difficulty for a company to persevere. The ongoing editions and researches have clearly shown that the proposed expense normally in information rupturing in larger company’s amount to about 20,000 pounds(Abomhara, 2015). Notably, as it is, this is not a genuine cost with regards to attack made on the firm. In this case, it may not only be money in relation to the harm they may have caused to the business or any remedy expense. Ideally, pretty much every business has a their own sites and systems in remote areas which are uncovered and that could furnish culprits as much focus is put on the systems inside or close to them. Many software developers have a great deal in developing information ideas and breaks which indeed may deal with incalculable instances of well-subsidized and facilitated digital assaults against the absolute biggest organizations in the United Kingdom. With very refined assaults now typical, organizations need to expect that they will be ruptured eventually and objectify on all the controls that assist in identifying and reacting to pernicious action before it causes harm and disturbance. While well-supported and knowledgeable software developers have been representing a notable risks to one business, hacking has heightened to its operation to many apparatuses and web projects implying that there is a lot of danger from people without knowledge with regards to such attacks.(Ibrahim, 2018). The concept of making the cybercrime commercialized has made it simple for anyone to get assets they may have dispatched harming attach, for instance, te crypto mining and ransomware cases. Ideally, there are many splendid contraptions than whenever in the ongoing memory which are related with World Wide Web. They are usually referred to as IoT and are usually applied in homes as well in the working environments. Externally, most of the devices can unravel and quicken assignments, similarly as offer increasingly imperative elements of control and accessibility. Their extension, in any case, shows an issue. It isn't just criminal attacks that mean associations ought to be more placed assets into cybersecurity than some other time in late memory. The introduction of rules, for instance, the GDPR infers that affiliations need to focus on security more than ever or face generous fines. 5
Cybersecurity Case Study of ABCT Cybersecurity is critical on the grounds that organization, military, corporate, fiscal, and therapeutic affiliations accumulate, methodology, and store wonderful proportions of data on PCs and various contraptions. An imperative portion of the information may be sensitive, paying little sense to what need to be ensured in advance, money-related information, parental information, or various sorts of information where there is unauthorized access or intrusion with negative influence. Ideally, many organizations usually transmit data which is tricky and done transversely over the systems and the several devices through the organization, and cybersecurity delineates the request dedicated to guaranteeing that information and the systems used to process or store it (Guardian, 2018). As in front of timetable as of March 2013, the nation's top learning experts admonished that computerized ambushes and propelled spying are the top risk to national security, clouding even dread mongering. 3.0 Security Vulnerabilities at ABCT In this organization, there is a lot that needs to be understood in terms of company security. There exist information with regards to the product, customer’s information, staff information, policies set with regards to company privacy and confidential and the revenue that is earned by the company. Ideally, to understand the security vulnerabilities there is need to understand the above-mentioned aspects. Some of the vulnerabilities are such as; The unpatched security vulnerabilities where are countless threats which are new and being developed on a daily basis and thus many organizations are relying on the old security vulnerabilities to be functional. With such a large number of malware hoping to misuse a similar couple of vulnerabilities over and over, one of the greatest dangers that a business can take is neglecting to fix those vulnerabilities once they are found. It is very regular for a business—or even only the individual clients on a system—to reject the "update accessible" updates that spring up in specific projects since they would prefer not to lose the 5-10 minutes of beneficial time that running the update would take. Refreshing is an irritation to general clients. In any case, it is a "disturbance" that could spare a untold business measures of time, cash, and lost business later. The simple fix is to keep up a normal update plan—multi-day of the week where your IT group checks for the most recent security patches for your association's product and guarantees that they are connected to the majority of your organization's frameworks. 6
Cybersecurity Case Study of ABCT The second vulnerability is the organization Internet of Things (IoT) devices. The IoT has been encompassed by many smart devices such as the Wi-Fi refrigerators, wireless printers, robots which have been manufactured among other machines(Bonaci, 2015). The issue with these gadgets is that they can be seized by aggressors to frame slaved systems of traded off gadgets to do additionally assaults. More terrible yet, numerous organizations don't understand exactly what number of IoT gadgets they have on their systems—implying that they have unprotected vulnerabilities that they are not mindful of. These obscure gadgets speak to a monstrous chance to aggressors—and, a gigantic hazard for organizations. To limit the hazard from IoT gadgets, a security review ought to be played out that recognizes the majority of the dissimilar resources on the system and the working frameworks they're running (Dofe, 2016) . Along these lines, these IoT gadgets can be appropriately represented in the organization's cybersecurity technique. Such reviews ought to be performed intermittently to represent any new gadgets that might be added to the system after some time. Lastly is the ABCT own Employees vulnerability. This is one of the biggest vulnerability of ACBT. Regardless of whether it is the aftereffect of deliberate impropriety or a mishap, most information ruptures can be followed back to an individual inside the association that was broken. For instance, workers may manhandle their entrance benefits for the individual increase. Alternatively, on the other hand, a representative may tap on the wrong connection in an email, download the wrong document from an online website, or give the wrong individual their client account certifications—permitting aggressors simple access to your frameworks. A portion of similar counteractive action methods referenced in the counter phishing projectiles can be connected to avoid information breaks brought about by representatives (Dosal, 2018). For instance, utilizing a strategy of least benefit shields clients from approaching a lot of information on the double, making it harder for them to take data. Also, cybersecurity mindfulness preparing enables representatives to spot phishing endeavors and other social designing style assaults so they won't succumb to them(Coppolino, 2017). Realizing what the greatest dangers to your business are is the initial step to securing your (and your clients') delicate information. Notwithstanding, it takes a great deal of diligent work, mastery, and carefulness to limit one cybersecurity dangers. 7
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Cybersecurity Case Study of ABCT 4.0 Emerging Attacks at ATCB. Ideally, many firms such as ABCT should work upon bridging the gap between communicating technical aspects of the IT security and the outcomes of the business such as how customer are satisfied, health financially and the reputation of the organization(Gupta, 2016). Some of the emerging threats which might affect the ABCT Company are such as the following explained below. 4.1 Cryptojacking This has been explained via the use of the Ransomware; this has been one of the greatest threats which have impacted many businesses for the last two years(DeNisco-Rayome, 2019). This has exploited the basic vulnerabilities which include the lack ofa network segment and backups in an organization. These threat actors have employed the same variants for ransomware which there before used to encrypt on the data ransom on the organization's resources all the systems by mining for the cryptocurrency. 4.2 Internet of Things (IoT) Device threats. Organizations such as ABCT are adding an ever-increasing number of gadgets to their frameworks. Many organization is proceeding to include arrangements like surveillance cameras and keen holder ships, and a ton of these gadgets do not have how you will oversee them calculated into the plan of the items. Upkeep is frequently the last thought with regards to IoT. Organizations that need to remain safe ought to necessitate that all IoT gadgets be reasonable and execute a procedure for refreshing them. 4.3 Geopolitical Risks Many organization have considered their products based on implementation, storage in terms of the cybersecurity tasks(Zhang, 2015). When one has such guidelines and policies such as GDPR and danger on-screen characters that rise up out of country states like Russia, China, North Korea, and Iran, an ever increasing number of associations are starting to assess the complexities of the security controls of their sellers and their providers. They are taking a gander at geopolitical hazard as a digital hazard, while in the past geopolitical was kind of a different hazard work, having a place in big business chance." On the off chance that associations do not think about the area and geopolitical hazard, those that store information in an outsider or a country express that is extremely touchy will risk 8
Cybersecurity Case Study of ABCT danger on-screen characters or country state assets being utilized against them. Ideally, on the off chance that you do that, at that point, you likewise sway the business result. 4.4 Cross-site Scripting Many organizations have struggled so much in trying to avoid the cross-site scripting (XSS) attacks in the cycle developments. The report claims that more than 21% of all the vulnerabilities identified by the BB Programs are such as the XSS areas which makes them lead in the vulnerability type. XSS assaults enable enemies to utilize business sites to execute untrusted code in an injured individual's program, making it simple for a criminal to collaborate with a client and take their treat data utilized for verification to commandeer the site with no qualifications. Security groups regularly rebate the seriousness of this assault. However, bug abundance projects can help recognize XSS assaults and different shortcomings in one’s frameworks. 4.5 Mobile Malware. Ideally, considering that ABCT has many staff and thousands of Loyal and regular customers, they are all prone to mobile malware which has increasingly being a top target of attack. The greatest torment point in this space is the Android introduced base (Yaqoob, 2017). The Google designer site demonstrates that most by far of Android gadgets on the planet are running really old variants of Android. What is more, when one takes a gander at the inspirations of a great deal of IoT gadget producers, it is trying to get them to keep on supporting gadgets and get opportune patches, since then one is returning to portable issues. Associations ought to guarantee representative access to an enemy of malware arrangement, Forrester prescribed. Regardless of whether it is not overseen by the association, this will reduce some security concerns. 5.0 Conclusions Cybersecurity is one of the areas that need to be considered by any company that stores its information on the cloud. Ideally to understand this each company should be set in a manner 9
Cybersecurity Case Study of ABCT that all the people understand the policies and regulations that are set with regards to the customer and staff informations. There exist many threats in many companies such as ABCT. The research based on some of the scenarios that the company may have undergone. The case study indicates the company was considered a victim of the cyber attacks which led to bridging the relationship on the information of customers and theorganization's reputations. The report has helped one to understand the emerging threats that the company should be aware of in all aspects with regards to the company objectives in all ways. Ideally, any company should be aware of what they face and how they want to deal with it in all ways. In understanding such awareness, it is good for the employees to be trained on the different policies with regards to the information they handle. Cybersecurity is very wide and can only be understood if all the involved parties are considered when making the decisions in all ways. Decisions made in any organization will not be achieved effectively with regards to the objectives of the staff at the operational level are not included. Every company desire is to make their customer satisfied in all aspects, build and maintain their reputation among others such as maximizing on profit. In building a good firm, security starts from within, the company should make sure that all the employees are aware of the consequences of bridging the company information to the intruders. 6.0 Recommendations As a company, it is good for any business to document all the cybersecurity policies that should be followed. In this case, cybersecurity will be fundaments in documenting one protocol. This usually provides online training, do some checklists and information that will be used in helping the business to protect its information online. Educate all the employees. The first step to any organization in curbing the cases of security threats is educating all its staffs, this will help the employees to be able to know in any case there are updates on the new protocols. In this case, most employees after training should be held accountable in case of an event by signing a document showing that they are well informed of the policies and clearly understand the actions to be taken if they fail to follow the security policies. Regularly back up all data. This will be important in preventing as many attacks as possible, this may still be possible in breaching the network regardless of any precaution. 10
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Cybersecurity Case Study of ABCT According to SBA, it is good to back up all the word, spreadsheets, databases, financial files and payable files documents. In making sure that it is stored, it is good to confirm if the data has been stored in the cloud. List of References Abomhara, M., 2015. Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks.Journal of Cyber Security and Mobility,4(1), pp.65-88. 11
Cybersecurity Case Study of ABCT Bonaci, T., Herron, J., Yusuf, T., Yan, J., Kohno, T. and Chizeck, H.J., 2015. To make a robot secure: An experimental analysis of cyber security threats against teleoperated surgical robots.arXiv preprint arXiv:1504.04339. Cerrudo, C., 2015. An emerging US (and world) threat: Cities-wide open to cyber attacks.Securing Smart Cities,17, pp.137-151. Coppolino, L., D’Antonio, S., Mazzeo, G., & Romano, L. (2017). Cloud security: Emerging threats and current solutions.Computers & Electrical Engineering,59, 126-140. DeNisco-Rayome, A., 2019.Five emerging cybersecurity threats you should take very seriously in 2019.[Online]Available at:https://www.zdnet.com/article/five-emerging- cybersecurity-threats-you-should-take-very-seriously-in-2019/[Accessed 15 May 2019]. Dofe, J., Yu, Q., Wang, H., & Salman, E. (2016, May). Hardware security threats and potential countermeasures in emerging 3D ICs. InProceedings of the 26th edition on Great Lakes Symposium on VLSI(pp. 69-74). ACM. Dosal, E., 2018.Top 5 Cybersecurity Threats and Vulnerabilities.[Online] Available at: https://www.compuquip.com/top-5-cybersecurity-threats-and-vulnerabilities[Accessed 15 May 2019]. Guardian, D., 2018.digitalguardian.com.[Online] Available at:https://digitalguardian.com//what-cyber-security[Accessed 15 May 2019]. Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016).Handbook of research on modern cryptographic solutions for computer and cyber security. IGI global. Ibrahim, A.S., Hamlyn-Harris, J. and Grundy, J., 2016. Emerging security challenges of cloud virtual infrastructure.arXiv preprint arXiv:1612.09059. Segal, C., 2018.8 Cyber Security Best Practices For Your Small To Medium-Size Business (SMB).[Online] Available at:https://www.coxblue.com/8-cyber-security-best-practices-for-your-small-to- medium-size-business-smb/[Accessed 15 May 2019]. 12
Cybersecurity Case Study of ABCT Yaqoob, I., Ahmed, E., ur Rehman, M. H., Ahmed, A. I. A., Al-garadi, M. A., Imran, M., & Guizani, M. (2017). The rise of ransomware and emerging security challenges in the Internet of Things.Computer Networks,129, 444-458. Zhang, Z. K., Cho, M. C. Y., & Shieh, S. (2015, April). Emerging security threats and countermeasures in IoT. InProceedings of the 10th ACM symposium on information, computer and communications security(pp. 1-6). ACM. 13