Cybersecurity Risks and Recommendations for ABCT

Verified

Added on  2023/03/23

|13
|3833
|55
AI Summary
The report discusses the major risks and threats in ABCT and further discusses the emerging threats to which ABCT is exposed to. On basis of the identified active threats, certain recommendations are made at the end of the report. The recommendations will enable the organization to improve their data security aspects.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: PROFESSIONAL SKILLS
Professional Skills
Name of Student
Name of University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
1
PROFESSIONAL SKILLS
Executive Summary
The aims of the report is to discuss the cybersecurity issues that can significantly affect the data
security of ABCT. ABCT is an organization that is exposed to cybersecurity risks and therefore,
a report is being prepared to provide some recommendations to the organization regarding
strengthening the cybersecurity risks and issues linked with the organization. The report
discusses the major risks and threats in ABCT and further discusses the emerging threats to
which ABCT is exposed to. On basis of the identified active threats, certain recommendations
are made at the end of the report. The recommendations will enable the organization to improve
their data security aspects.
Document Page
2
PROFESSIONAL SKILLS
Table of Contents
Introduction..........................................................................................................................3
1. Cybersecurity and its importance for ABCT...................................................................3
2. Identification of 3 security Vulnerabilities in ABCT’s system.......................................5
3. Different types of emerging Threats................................................................................6
Conclusion...........................................................................................................................8
Recommendations for protecting home and office from Cyber attack................................8
References..........................................................................................................................10
Document Page
3
PROFESSIONAL SKILLS
Introduction
The recent advances in the computer networks and growth in the use of interconnected
devices through internet, increases the information and data security risks. The different types of
cyber security risks include, malware attack, phishing attack, DDOS attacks and others. The
increase in the number of cyber-attack enforces the need of understanding the various aspects of
cybersecurity. Cybersecurity is considered to be a crucial practice linked with protection of
integrity, confidentiality and information availability (McLaughlin et al., 2016). The report aims
in development of a cyber-security document for ABCT as the organization has been a recent
victim of several cyber-attacks. The client company ABCT is a technology company of Australia
whose business ranges from high-tech products including software and hardware. The company
currently has almost 10,000 customers, information of which is stored in cloud. Any
cybersecurity attack on the network of the company will risk the data of the customers.
Therefore, the organization is in need of improving the cybersecurity options and therefore, this
cybersecurity report is being generated. By generating this cybersecurity report, the company
ABCT will be able to understand the cybersecurity needs of the organization. The
recommendations that will be included in the cybersecurity report will help ABCT in enforcing
effective controls in the organization.
The cyber security report prepared for ABCT, will discuss the concept of cybersecurity
and its importance in ABCT, the security vulnerabilities linked with the ABCT system, the
threats and the recommendations for protecting home and office from cyber-attack.
1. Cybersecurity and its importance for ABCT
Cyber-security can be described as an essential practice that can help in protecting the
systems, network, and hardware to maintain data confidentiality and information integrity
(Craigen, Diakun-Thibault & Purse, 2014). The main aim of enforcing cybersecurity within the
organization is to prevent the most critical risks that an individual or an organization might face
as a result of cyber-attack. The cybersecurity is a practice that helps in protecting the networks,
systems and programs from digital attacks. These digital attacks are termed as cyber-attacks. The
techniques that are used in managing the integrity of the programs and networks to reduce the
unauthorized access is known as cybersecurity (Cherdantseva et al., 2016). The state or the

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
4
PROFESSIONAL SKILLS
processes that helps in protection of the devices, networks and the programs is termed as
cybersecurity. Therefore, the appropriate cybersecurity measures in the organization can
significantly help in reducing the chances or probability of cyberattacks within the organization.
Therefore, it is necessary to understand the importance of the concept of cybersecurity in an
organizational context (Abawajy, 2014). The responsibility of cybersecurity is generally given to
management and it is the duty of the management to enforce the required security measures
within the organization.
The organization ABCT needs to understand the importance of cybersecurity as the
company is exposed to a number of cyber-attacks. This, in turn increases the risk related to
protection of the information confidentiality of the clients of the organization. ABCT is exposed
to a number of cyber-security risks as it is observed that the company allows BYOD and also
provides access to free wireless LAN to its guests and the visitors. These risk and threats can
result in the organization facing the risks of cyberattacks. It is necessary for the employees of the
organization to understand the need of understanding the cybersecurity principles. This can help
the organization to tackle with the active threats that the organization is exposed to, in terms of
allowing the use of BYOD and free wireless access to the guests and the visitors. Furthermore,
the organization make use of cloud storage to store the necessary organizational data. These
security vulnerabilities linked with the regular operations of ABCT are needed to be analyzed to
offer appropriate recommendations that is linked with data security and effective information
storage. Therefore, the company needs to invest on cybersecurity to enhance the key security
features of the organization. The cyber-security report that is being prepared can help ABCT in
improving their security system and security related policies. Therefore, understanding the
concept of cybersecurity is crucial for ABCT as it will ensure effective data protection for the
employees. It is necessary for the organization to understand the different cybersecurity aspects
that can helps the organization in management of cyber security needs of organization. The cases
of businesses being hit by cyber-attack are quite common. Since ABCT makes use of the cloud
storage to store the data and the information of their customers, it is needed for the organization
to understand the techniques that can help in implementation of the cybersecurity needs in the
organization. However, recommendations of the effective cybersecurity needs helps in
identification of the security vulnerabilities linked with the ABCT system. The following section
of the report identifies the most significant vulnerabilities linked with the ABCT compnay.
Document Page
5
PROFESSIONAL SKILLS
2. Identification of 3 security Vulnerabilities in ABCT’s system
The recommendations for improving the security aspects for ABCT will be based on the
active threats that are present in the company. The security vulnerabilities to which ABCT is
exposed to are indicated in the following paragraphs.
Risk with BYOD: BYOD or bring your own device is a technology that enables the employees of
the organization to bring their own phone, personal computer or any other personally owned
device to the workplace (Mitrovic, Veljkovic, Whyte & Thompson, 2014). This has a number of
advantages particularly because the BYOD devices can help in improving business mobility
(French, Guo & Shim, 2014). However, there are certain risks and issues linked with the BYOD
devices that restricts the use of BYOD in a number of companies.
ABCT has BYOD policy for its employees working onsite. In this policy, the onsite employees
can bring their own digital devices to work when needed. BYOD policy is beneficial for the
onsite employee; however, it increases the risk as well (Keyes, 2016). The data security risks
linked with BYOD includes leakage of the confidential data thorough infection of the device.
Infection in the devices of the onsite employees can risk certain crucial data of the company
(Downer & Bhattacharya, 2015). Since the employees are bringing their own devices onsite, and
also using it in their personal use, there is a high chance of data leakage (Dhingra, 2016).
Therefore, BYOD principle poses a significant risk to the information that is associated with
ABCT. It is needed for the organization to address the risk of BYOD so that the data security in
ABCT can be enforced.
Use of Cloud: The organization ABCT, which currently has 10, 0000 regular customers make
use of cloud to store the crucial data and the information of the customers. The use of cloud
storage poses a significant data security risk (Neumann, 2014). It is observed that the files in the
cloud are considered to be most susceptible to hacking without any effective security measures.
The security risk arises particularly because the data that is being stored is transmitted over
internet (Latif, Abbas, Assar & Ali, 2014). Since the organization ABCT allows free wifi access
to all its visitors, the risk of data security increases. One of the major process that can
significantly help in addressing this particular issue is encrypting the files in an appropriate
Document Page
6
PROFESSIONAL SKILLS
manner so that even if the data over cloud is hacked, the hacker may not get an access to the
important or the confidential data that is being stored in cloud.
Providing Free Wireless LAN Access: Another significant security issue that is lined with the
ABCT Company include providing free wireless LAN access to all the visitors. Providing a free
wireless access has a number of disadvantages and related security vulnerabilities. Network
intrusion is one of the most significant risks linked with providing access of the wireless network
to the visitors of the organization. Providing free wifi access to the visitors can significantly
increase the risk of DDOs attacks as well (Kolias, Kambourakis, Stavrou & Voas, 2017). Apart
from that there are risks of radio jamming as well. These are the most common and the
significant risk that are linked with providing free LAN access to all the visitors of the company
as all the visitors may not use the same with honest intentions.
The above three points lists the most significant risks to which ABCT is exposed to. The
organization is in need of addressing these risks in order to ensure that the confidential data of
their clients, that are stored of cloud are free from any network security threat. Apart from that,
the company can be a victim of other significant data security threats that are needed to be
addressed as well. The emerging threats that can significantly affect ABCT are discussed in the
section below.
3. Different types of emerging Threats
Apart from the above identified three major security vulnerability present in ABCT, there
are certain emerging threats that can risk the data security of the organization. These security
risks are indicated as follows.
Phishing: Phishing attack can be described as a social engineering attack, that is used for
stealing the user details including the login credentials and data related to credit cards (Thomas
et al., 2017). This is an emerging attack that can affect ABCT particularly because ABCT make
use of cloud to store the data of their customers in their network.
Ransomware and Malware attack: Ransomware and malware attack are two most
significant threats to which the company is exposed to. The probability of occurrences of these
risks within the organization is quite high mainly because the organization has policies of

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7
PROFESSIONAL SKILLS
BYOD. There are a number of ways with which a ransomware can significantly infect a
computer (Richardson & North, 2017). One of the most common ways of enforcing a
ransomware attack is spam emails. A malicious spam can spread a malware not only to a
particular system but also to the entire office network. This can cause due to the negligence of
the employees or their unintentional mistake (Thomas & Galligher, 2018). Therefore, it is needed
for the organization to educate their members regarding the spam emails and the attachments so
that the security vulnerbailities in the organization can be reduced.
Dos and DDos Attacks: DDOs threats or the distributed denial of service attacks adds to the
fastest emerging cybercrimes. This attack is critical as it although does not results in data loss, it
can significantly lead to business loss (Trung et al., 2015). The main aim behind the DDos
attacks is to cause downtime in the network leading to loss of revenue within the organization.
Cybercriminals, while gaining access to the wireless network of the organization can enforce
DDOS attack in the organization. In this type of attack, multiple system of ABCT can be
compromised. While a DOS attack can significantly affect a single system, the distributed denial
of service attack can significantly affect a group of systems. Although DDOs will not breach the
security perimeter of the organization, it can result in unavailability of the network to the
legitimate users as well (Wangen, Shalaginov & Hallstensen, 2016). Therefore, ABCT needs to
consider successful mitigation DDOS in order to reduce the risks and issues that are linked with
DDOS.
Man in the Middle Attack: This is another emerging threat to which the company ABCT
exposed to. In this attack, the attacker evasdrop the communication taking place between two
targets so that they can listen to the communication (Rahim, 2017). The man-in-the-middle
attack can occur in the organization as the company ABCT allows fee access to their LAN
network. An attacker can compromise the internal network of the organization, which can
significantly affect the data security of the organization as well (Rader & Rahman, 2015). The
man-in-the-middle attack imposes data security risks within the organization so this risk is
needed to be mitigated. There are certain types of DDos attacks, which include DNS spoofing,
HTTPS spoofing, SSL hijacking and others (Conti, Dragoni & Lesyk, 2016). Therefore, it is
needed to identify mitigation approach linked with the DDoS attack.
Document Page
8
PROFESSIONAL SKILLS
Rogue Security Software: This is another significant security vulnerability that is linked with
ABCT Company. Rogue security software is malicious software that can mislead the users in
believing that a virus is installed in their system. It is a type of cybersecurity attack that misleads
the users in installing the rogue software to address the virus which is not originally installed in
the system. Since ABCT has a policy of BYOD, the company is exposed to the risk of this rogue
security software updates in the system, which can also lead to loss of the confidential data.
Conclusion
The report provides an overview of the case related to ABCT. It is needed for the
organization to understand the main concept of the data security and security vulnerability so that
those risks and issues can be mitigated. The report discusses the cybersecurity aspects and the
impact of cybersecurity in a particular organization. Cybersecurity is necessary to address the
cybersecurity risks that an organization might be exposed to. The report discusses the major
three vulnerabilities to which the system of ABCT is exposed. These risks include the risk due to
providing access of the internal LAN network, risks related to BYOD and risks linked with the
storage of data on cloud. The report further identifies certain emerging threats that can affect the
data security of ABCT. The identification of the emerging threats linked with the organization
can significantly help in recommendation of the suitable approaches that can help the
organization in eliminating the various cybersecurity risks that are linked with the organization.
The main cybersecurity vulnerability that can affect the security and the privacy of the clients’
data stored in the system is the phishing attack. The employees of the organization are needed to
be educated about the risks and issues linked with phishing so that the major risks and the issues
can be mitigated. Apart from the phishing attack, another risk that the company is exposed to
include the DDoS attack. The DDOS attack can significantly affect the operations of the
organization and therefore, it is needed to be addressed. Certain recommendations on protection
of home and office is provided in the following section.
Recommendations for protecting home and office from Cyber attack
The recommendations to protect the home and office from the cyber security risks are
indicated as follows-
Document Page
9
PROFESSIONAL SKILLS
Encryption: The files, data and the information that are stored over cloud are needed to
be encrypted in order to reduce the risks of data loss. Encryption is recommended as it can
significantly help in addressing the most significant risks and the issues related to cybersecurity
and is one of the most widely used approach to enforce security of the data.
Not opening suspicious or Spam Emails: onsite as well as the offsite employees are
needed to be educated about the concept of phishing emails so that they do not open such emails.
This can significantly reduce the data security risks linked with phishing.
Restriction of the use of BYOD: Appropriate restrictions are needed to be enforced in
ABCT regarding BYOD so that the risk of data security can be reduced. Or else the company
needs to strengthen their BYOD policy to restrict the use of same without any proper antivirus
installed.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
10
PROFESSIONAL SKILLS
References
Abawajy, J. (2014). User preference of cyber security awareness delivery methods. Behaviour &
Information Technology, 33(3), 237-248.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016).
A review of cyber security risk assessment methods for SCADA systems. Computers &
security, 56, 1-27.
Conti, M., Dragoni, N., & Lesyk, V. (2016). A survey of man in the middle attacks. IEEE
Communications Surveys & Tutorials, 18(3), 2027-2051.
Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining cybersecurity. Technology
Innovation Management Review, 4(10).
Dhingra, M. (2016). Legal issues in secure implementation of bring your own device
(BYOD). Procedia Computer Science, 78, 179-184.
Downer, K., & Bhattacharya, M. (2015, December). BYOD security: A new business challenge.
In 2015 IEEE International Conference on Smart City/SocialCom/SustainCom
(SmartCity) (pp. 1128-1133). IEEE.
French, A. M., Guo, C., & Shim, J. P. (2014). Current status, issues, and future of bring your
own device (BYOD). Communications of the Association for Information Systems, 35(1),
10.
Keyes, J. (2016). Bring your own devices (BYOD) survival guide. Auerbach Publications.
Kolias, C., Kambourakis, G., Stavrou, A., & Voas, J. (2017). DDoS in the IoT: Mirai and other
botnets. Computer, 50(7), 80-84.
Latif, R., Abbas, H., Assar, S., & Ali, Q. (2014). Cloud computing risk assessment: a systematic
literature review. In Future Information Technology (pp. 285-295). Springer, Berlin,
Heidelberg.
Document Page
11
PROFESSIONAL SKILLS
McLaughlin, S., Konstantinou, C., Wang, X., Davi, L., Sadeghi, A. R., Maniatakos, M., & Karri,
R. (2016). The cybersecurity landscape in industrial control systems. Proceedings of the
IEEE, 104(5), 1039-1057.
Mitrovic, Z., Veljkovic, I., Whyte, G., & Thompson, K. (2014, November). Introducing BYOD
in an organisation: The risk and customer services viewpoints. In The 1st Namibia
Customer Service Awards & Conference (pp. 1-26).
Neumann, P. G. (2014). Risks and myths of cloud computing and cloud
storage. Communications of the ACM, 57(10), 25-27.
Rader, M., & Rahman, S. (2015). Exploring historical and emerging phishing techniques and
mitigating the associated security risks. arXiv preprint arXiv:1512.00082.
Rahim, R. (2017). Man-in-the-middle-attack prevention using interlock protocol method. ARPN
J. Eng. Appl. Sci, 12(22), 6483-6487.
Richardson, R., & North, M. M. (2017). Ransomware: Evolution, mitigation and
prevention. International Management Review, 13(1), 10.
Thomas, J., & Galligher, G. (2018). Improving backup system evaluations in information
security risk assessments to combat ransomware. Computer and Information
Science, 11(1).
Thomas, K., Li, F., Zand, A., Barrett, J., Ranieri, J., Invernizzi, L., ... & Margolis, D. (2017,
October). Data breaches, phishing, or malware?: Understanding the risks of stolen
credentials. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and
Communications Security (pp. 1421-1434). ACM.
Van Trung, P., Huong, T. T., Van Tuyen, D., Duc, D. M., Thanh, N. H., & Marshall, A. (2015,
October). A multi-criteria-based DDoS-attack prevention solution using software defined
networking. In 2015 International Conference on Advanced Technologies for
Communications (ATC) (pp. 308-313). IEEE.
Document Page
12
PROFESSIONAL SKILLS
Wangen, G., Shalaginov, A., & Hallstensen, C. (2016, September). Cyber security risk
assessment of a ddos attack. In International Conference on Information Security (pp.
183-202). Springer, Cham.
1 out of 13
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]