Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Cybersecurity Issues and Solutions for JL Accounting Company

Verified

Added on 2023/06/05

AI Summary

This report was addressing the main cyber security issues experienced by JL accounting company with the aim of suggesting reliable and sustainable solutions. The main issues addressed are on cyber-attacks which included phishing, man-in-the-middle, ransomware, password, and denial of service attacks. There is urgency in addressing them to prevent further losses and attacks.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

UNIT CODE :
UNIT TITLE :
ASSIGNMENT TITLE :
STUDENT NAME :
STUDENT ID NUMBER :
CAMPUS NAME :
TUTOR’S NAME :
1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

TABLE OF CONTENTS
INTRODUCTION...........................................................................................................................................3
Report overview......................................................................................................................................3
Solution formulation................................................................................................................................3
Approach used.........................................................................................................................................3
Issues addressed......................................................................................................................................4
CONTENT.....................................................................................................................................................4
1. Ransomware attack.........................................................................................................................4
2. Password attacks.............................................................................................................................6
3. Denial-of-service attack...................................................................................................................7
4. Man-in-the- middle (MitM) attack...................................................................................................9
5. Phishing attack...............................................................................................................................11
Table showing comparison and contrast between chosen and alternative methods............................11
The financial breakdown table for recommended measures in comparison to current measures in JL 12
SUMMARY.................................................................................................................................................13
2

INTRODUCTION.
The JL accounting company is experiencing cybersecurity issues. Cybersecurity is a practice that
entails systems, networks, and programs protection against digital attacks directed into accessing,
manipulating, ruining, interfering with normal operations or money extortion from users (Yeh et
al.,2018).
To have an effective protection against cyber threats, various approaches should be applied
ranging from internet and computer users, computers, information and data, programs and
networks. These should complement each other (Conti et al.,2018).
Report overview.
This report points out and addresses the five major cybersecurity issues encountered by the JL
company. Along with pointing out the issues, the various approaches and recommendations on
the same have been given in detail regarding on how the issues can be dealt with in order to
fulfill the needs of clients and improve quality of service delivery both in present and future. The
account on the cost and effectiveness of the proposed approaches have been provided.
Solution formulation.
Effective solutions to the cybersecurity encountered by JL company were devised based on
existing challenges. The proper means for enhancing the security of the computer system and
network servers were considered.
Approach used.
The ability of system and operators to offer effective services at the present moment and in
future with aim of achieving its maximum profits while satisfying its clients was critically
analyzed. This was meant to determine the efficiency of adopting new cybersecurity measures as
compared to the existing.
3

Issues addressed.
The cybersecurity issues ranging from the computer system, communication channels, and
network security state are addressed. The possible solutions and recommendations to the
respective issues are addressed as well. The main issues among others addressed include
password attacks, ransomware attacks, phishing attack, man-in-the-middle attack, and denial-of-
service attack.
CONTENT.
This section gives a detailed description of the cybersecurity issues that are being experienced by
the JL company and its respective clients.
These main cybersecurity challenges are in five major categories which include; password
attacks, ransomware attacks, phishing attack, man-in-the-middle attack, and denial-of-service
attack.
1. Ransomware attack.
Ransomware is a malicious software that illegitimately gets installed into the user’s computer
system. This software once installed in the system or a network denies the owner of the system
(victim) to access in a computer or network (Lévesque et al.,2018). This is done by encryption
with unknown code to the user. The attacker issues threats to the victim of either revealing the
content of information to the public, destroying the information or deleting it unless some
amount of money(ransom) is paid to the attacker to restore the access (Honda,2018). The form of
attack can be by blockage of the whole computer system or file encryption. Some examples of
ransomware are bad rabbit which direct users to ransom demanding page once it infects the
computer. Crypto Locker malware both locks the system and encrypts the user’s files (Takeuchi
et al.,2018). (Fig 1 &2).
4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Figure 1. How ransomware works.
5

Figure 2. How crypto locker works.
Solution to ransomware attack.
This should be addressed to prevent further losses.
Among the ways that can be employed against ransomware attack are (Huang et al.,2018):
Use of protection tools. Various tools can be used to provide protection against this attack by
detecting and blocking infected sites such as web pages and applications from infecting the
system. Such tools include InterScan TM Web security and Trend Micro Deep Security TM.
Use of Trend Micro Crypto-Ransomware File Decryptor Tool to decrypt some encrypted files.
Backing up sensitive and personal information in separate devices or in a cloud.
Use of reputable antivirus software and strong firewalls.
2. Password attacks.
The use of passwords and codes are among the ways that are used to protect the computer
system, network or information from unauthorized access (Fatima,2018). Passwords consist of a
combination of characters, either numbers or letters known to the related user(s) that give them
access to a certain system or information. The strength of a password depends on its length and a
combination of characters, the length of at least 8 characters and complicated combinations, the
stronger the password (Nelson,2018). For instance, JL company used a weak password to protect
its clients’ information in ONap TS-42 NAS. The password had a combination of 9 characters
"admin/admin" without any numbers. Such a password is prone to successful attack. Password
attack on the clients is evident in the case where the employees are able to gain access to
computers and email accounts without restriction.
Password of an individual can be attacked using various techniques. Common methods include a
brute force attack, dictionary attack, and keylogger attack. I brute force, an attacker uses a
computer program and various scripts on trial and error to find a possible password. In a
dictionary attack, an attacker cycles combination of common words from a common source to
obtain a password. In keylogger attack, an attacker uses a key logging malware which records
keystrokes of the user while entering his password (Nelson,2018). This situation should be
addressed to promote proper service delivery to clients and improve privacy and confidentiality.
6

Solution to password attack.
Among the effective solutions are as follows (Wang,2018):
Use of multi-factor authentication. This involves a combination of several security measures on
the same system such as a combination of PIN, password, and fingerprint.
The clients and employees must be educated on the need of keeping their passwords confidential.
It is evident that the five employees at JL company IT illiterates.
Formulation of and adherence to the security guidelines at the workplace. This includes limiting
access of unauthenticated personnel to the SOE.
Implementation of lockout policy. This automatically locks an account when invalid passwords
are keyed in severally by an intruder.
The company has to employ cryptography methods in order to protect the client's information
while sending to them. This will ensure the security of the information (Wei et al.,2018).
3. Denial-of-service attack.
This is a situation where the resources of a computer system or the server are overloaded with
requests. This makes the system to fail to respond to the requests of a legitimate user within the
expected time (Benson et al.,2018). For instance, the JL’s clients are complaining that their
computers are operating slowly. Depending on the motive of the attacker, the types of denial-of-
service attacks differ and they include:
TCP SYN flood attack- This is where an attacker sends a lot of connection requests to the
victim’s system. When the victim tries to respond to these requests, the requests are not sent back
to the attacker and thus the system of victim run to time out while processing the send
connections and in await of the attacker’s response. Consistency in this causes the system of the
victim to be too slow or crush. Under normal situation, once the server receives a request from
the client, it processes it and sends feedback to be acknowledged by the client in order to open
the TCP connection (Chambers et al.,2018).
Figure 3 below illustrates the SYN flood attack.
7

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Figure 3. Normal connection and SYN flooding.
Distributed Denial of Service Attack (DDoS)-This is where the attacker generates and directs
traffics from various anonymous sources to the victim’s computer or web server. This traffic
exhaust in the bandwidth and storage resources of target victim leading to system’s failure. This
is illustrated in the chart below. This should be addressed immediately before a great damage is
made on the system.
8

Figure 4. Structure of DDoS attack.
Solution to denial of service attack.
The following measures can be taken for protection against the attacks:
Installation of firewalls and antivirus to the network restricting bandwidth use to intended users
only.
Configuring a server and network firewall policies to prevent intruders from addressing a server
and its resources (Qin et al.,2018).
4. Man-in-the- middle (MitM) attack.
An attacker comes in between the communications of a server and a client. Example of MitM is
session hijacking (Vanhoef et al.,2018).
Session hijacking- an attacker camouflages to resemble trusted client by intercepting
communications between a client and server and replaces his IP address with that of the client as
the session is still going on from the server. The server will still recognize him as its usual client
(Vanhoef et al.,2018). (fig. 5).
9

Figure 5. Session hijacking MitM attack process.
This attack is portrayed in the JL company as neither clients nor service providers are raising the
complaint, clients feel that the company is providing services correctly and yet they are receiving
spam messages. This means that an attacker is monitoring the communications without their
awareness. This should be addressed early enough to prevent any misuse of clients’ information
by attackers.
The solution for a man-in-the-middle attack.
Installation of intrusion detection system for monitoring network. This will give an alert when an
attacker hijacks communication between the server and the client.
Use of encrypted virtual private networks which reinforce security layers for network access thus
making it difficult for an attacker to intercept communications.
Prevention of ARP spoofing by installing a dynamic host configuration protocol on the network
server switches (Jakobsson,2018).
The staff activities must be properly monitored and audited to ensure that there are not internal
man-in-the-middle attacks (Wolf & Goff.,2018).
10

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

5. Phishing attack.
It is a social engineering attack where an attacker sends emails appearing to come from trusted
and known sources to the user. This occurs when the user opens the mail, malware loads into the
computer. The mail may contain a link directing the user to a certain website containing a
malware that tricks the user to give personal information such as bank accounts and passwords
(Martin, 2018). This evident as some clients are experiencing random popups with malware
features.
Sending of unencrypted confidential information to clients by JL possibly provided an
opportunity for attackers to intercept them, generate similar information and forward to the
clients as malware. This should be addressed to avoid any further attacks.
Solution to the phishing attack.
Educating the employees to be careful in analyzing the sources of emails before opening them.
Analysis of email headers to establish paths of how the mail entered into your address.
Sandboxing the emails by clicking the link within the mail to check its content and to establish
whether it is a genuine link or corrupt (Thomas,2018).
Table showing comparison and contrast between chosen and alternative methods.
Recommended measures Current conditions. Importance
Installation of antivirus
software into computers.
There is no laptop with
antivirus
Installation of antiviruses will
malware infection.
Installation of security
software.
None of the laptops contain
any security software.
This will ensure information
security of the clients and
service providers.
Employing IT experts with
enough skills on
cybersecurity.
None of the employees has IT
expertise.
Expertise will detect the
cybers security issue and
provide solution early enough
before losses occur.
Formulation and
implementation of policies
No policies or rules that guide
employees and clients on
This will promote
information security of both
11

and guidelines in regard to
the use of resources for both
employees and clients.
proper procedures for online
service access.
the clients, employees, and
company.
The financial breakdown table for recommended measures in comparison to current
measures in JL
Current state. Expense Recommended
measures
Expense.
Employment of
inexperienced people
in IT
Expensive since the
services offered do
not meet the
requirements, also
losses made.
Employing IT
experts.
Cheap since there
shall be no losses.
Any problem will be
detected and rectified
early enough.
No security software
against cyber-attacks.
Expensive. In the
case of ransomware
attacks where a lot of
money is demanded,
clients’ information
obtained
illegitimately and
used against the
client or company
Installation of
security software
against cyber attacks
on the system or
network.
Cheap as it will cut
off any expense that
could have been
encountered during
successful attacks.
Once the software is
purchased, they can
be updated hence no
extra costs incurred.
No rules and
guidelines regarding
the access and use of
server resources.
Costly since any
individual who might
be an attacker can
interfere with the
systems and thus
spending much to
repair it or loss of
valuable information.
Formulation of
proper and strict
guidelines for the use
of resources.
Cut down possible
extra costs from
attacks since the
clients and company
will avoid any
mistakes that would
expose them to the
attackers.
12

SUMMARY.
This report was addressing the main cyber security issues experienced by JL accounting
company with the aim of suggesting reliable and sustainable solutions. The main issues
addressed are on cyber-attacks which included phishing, man-in-the-middle, ransomware,
password, and denial of service attacks. There is urgency in addressing them to prevent further
losses and attacks. Recommendations were made on respective issues aiming at enhancing the
system and network security on the basis of financial cost, effectiveness, reliability, and
sustainability.
13

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

REFERENCES.
Benson, V., McAlaney, J., & Frumkin, L. A. (2018). Emerging Threats for the Human Element and
Countermeasures in Current Cyber Security Landscape. In Psychological and Behavioral
Examinations in Cyber Security,266-271.
Chambers, N., Fry, B., & McMasters, J. (2018). Detecting Denial-of-Service Attacks from Social Media
Text: Applying NLP to Computer Security. In Proceedings of the 2018 Conference of the North
American Chapter of the Association for Computational Linguistics: Human Language
Technologies, Volume 1 (Long Papers) (Vol. 1), 1626-1635.
Conti, M., Dehghantanha, A., Franke, K., & Watson, S. (2018). Internet of Things security and forensics:
Challenges and opportunities.
Fatima, R., Siddiqui, N., Umar, M. S., & Khan, M. H. (2018). A Novel Text-Based User Authentication
Scheme Using Pseudo-Dynamic Password. In Information and Communication Technology for
Competitive Strategies,177-186.
Honda, T., Mukaiyama, K., Shirai, T., Ohki, T., & Nishigaki, M. (2018). Ransomware Detection
Considering User's Document Editing. In 2018 IEEE 32nd International Conference on Advanced
Information Networking and Applications (AINA),907-914.
Huang, D. Y., Aliapoulios, M. M., Li, V. G., Invernizzi, L., Bursztein, E., McRoberts, K., ... & McCoy, D.
(2018). Tracking ransomware end-to-end. In 2018 IEEE Symposium on Security and Privacy
(SP),618-631.
Jakobsson, B. M. (2018). U.S. Patent Application No. 10/057,247.
Lévesque, F. L., Chiasson, S., Somayaji, A., & Fernandez, J. M. (2018). Technological and Human
Factors of Malware Attacks: A Computer Security Clinical Trial Approach. ACM Transactions on
Privacy and Security (TOPS), 21(4), 18.
Martin, J., Dubé, C., & Coovert, M. D. (2018). Signal Detection Theory (SDT) Is Effective for Modeling
User Behavior Toward Phishing and Spear-Phishing Attacks. Human factors,
0018720818789818.
Nelson, B. (2018). Virtual Patching: Fighting Brute Force Attacks in a Software Defined Network (Doctoral
dissertation).
Qin, J., Li, M., Shi, L., & Yu, X. (2018). Optimal denial-of-service attack scheduling with energy constraint
over packet-dropping networks. IEEE Transactions on Automatic Control, 63(6), 1648-1663.
14

Takeuchi, Y., Sakai, K., & Fukumoto, S. (2018). Detecting Ransomware using Support Vector Machines.
In Proceedings of the 47th International Conference on Parallel Processing Companion,1.
Thomas, J. (2018). Individual cyber security: Empowering employees to resist spear phishing to prevent
identity theft and ransomware attacks.
Vanhoef, M., Bhandaru, N., Derham, T., Ouzieli, I., & Piessens, F. (2018). Operating Channel Validation:
Preventing Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks.
Wang, D., Ming, J., Chen, T., Zhang, X., & Wang, C. (2018). Cracking IoT Device User Account via Brute-
force Attack to SMS Authentication Code. In Proceedings of the First Workshop on Radical and
Experiential Security, 57-60.
Wei, M., Golla, M., & Ur, B. (2018). The Password Doesn’t Fall Far: How Service Influences Password
Choice. Who Are You.
Wolf, D. G., & Goff, D. L. (2018). A ransomware research framework: poster. In Proceedings of the 5th
Annual Symposium and Bootcamp on Hot Topics in the Science of Security,26.
Yeh, E. R., Choi, J., Prelcic, N. G., Bhat, C. R., & Heath Jr, R. W. (2018). Cybersecurity Challenges and
Pathways in the Context of Connected Vehicle Systems,134.
15

1 out of 15

+13062052269

info@desklib.com

Cybersecurity Issues and Solutions for JL Accounting Company

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Methods to Address Cybersecurity Issues in JL Organization

Cyber Security Concerns and Solutions for a Small Accounting Company

Security Engineering: Cyber Security Threats and Impacts

Hacking and Cybersecurity

Cyber Security Issues and Solutions for JL Company

Introduction to Cyber Security