Comprehensive Cyber Threat Assessment for Emirates Airline Operations

Verified

Added on 2019/11/26

AI Summary

This report provides a detailed cyber threat assessment for Emirates Airline, analyzing potential risks such as ransomware, IoT vulnerabilities, phishing attacks, DoS/DDoS attacks, and cyber espionage. It explores the impact of these threats on the airline's operations, including financial and reputational damage, and suggests mitigation strategies like updated systems, strong firewalls, and bandwidth enhancements to prevent and manage attacks. The report emphasizes the importance of employee training and awareness in identifying and responding to cyber threats. Furthermore, it recommends securing information assets through digital authentication, upgraded security software, and the use of trusted cloud service providers for data storage. The conclusion stresses the need for proactive cybersecurity measures to protect the airline's reputation and operations.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: CYBER THREAT ASSESSMENT FOR EMIRATES AIRLINE
Cyber Threat Assessment for Emirates Online
Name of the Student:
Name of the University:
Name of the Lecturer:
Date:
Author Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1CYBER THREAT ASSESSMENT FOR EMIRATES AIRLINE
Executive Summary
The report serves the purpose of providing Emirates Airlines, an aviation organisation of
United Arab Emirates, with the insight of the cyber security threats that can cause financial as
well as reputational harm to the organisation. Critical analysis is conducted to identify the
cyber threats that have been concerning the cyber law enforcers for the past few years. The
cyber threats are determined that can cause damage to the chosen organisation as well as
solutions are provided to prevent such attacks. The report concludes with suggestions
regarding safeguarding the information assets of the company.

2CYBER THREAT ASSESSMENT FOR EMIRATES AIRLINE
Table of Contents
1. Introduction............................................................................................................................3
2. Top Global Security Threats..................................................................................................3
2.1. Ransomware Attack........................................................................................................4
2.2. Risks due to Internet of Things.......................................................................................5
2.3. Phishing Attacks..............................................................................................................5
2.4. DoS or DDoS attacks......................................................................................................5
2.5. Cyber Espionage.............................................................................................................6
3. Methods of Mitigating the Threats.........................................................................................6
4. Suggestions to Secure the Information Assets of Emirates...................................................7
5. Conclusion..............................................................................................................................8
6. References..............................................................................................................................9

3CYBER THREAT ASSESSMENT FOR EMIRATES AIRLINE
1. Introduction
Cyber attacks and cyber threats are possibly the most pressing issue that has
concerned the cyber-law enforcement agencies around the globe for past few years. Reports
of cyber attacks have continued to occupy the headlines of every newspaper worldwide. The
cyber law-breakers are always coming up with innovative methods and technologies to cause
havoc in the cyber world and keep busy the guardians of cyber security (Singer and Friedman
2014). The agencies that are responsible for the protection of the cyber world are always
involved in developing new strategies, methods and technologies to disrupt the actions of the
cyber criminals. However, the cyber criminals seem to outdo the protectors every time at
every instance (Robinson et al. 2013).
This report serves the objective of informing Emirates Airlines regarding the cyber
threats that are concerning the cyber vigilantes for the past two years. It also analyses and
provides details on the impacts that such cyber threats may have on the organisation and its
operations. Finally, the report provides suggestions on possible risk management measures
that can be undertaken by the organisation to protect itself from such cyber assaults.
2. Top Global Security Threats
The past few years has seen an intense level of activity in cyber attacks around the
globe that caused damage ranging from organisational to global. There has been an
exponential growth in the frequency of cyber attacks lately. The attacks were carried out with
different methods and technology that had different effects and results (Andress and
Winterfeld 2013). The global law-enforcement organisations constantly analyse these attacks
and compare their complexities with other types of attack. Based on the final report the most
threatening attacks are identified every year. In 2015, the top 5 cyber security threats were

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4CYBER THREAT ASSESSMENT FOR EMIRATES AIRLINE
identified to be ransomware, cyber risk related to the use of Internet of Things, Cyber
espionage, Cyber theft, risks in BYOD (Choucri, Madnick and Ferwerda 2014). In 2016, the
top 5 cyber threats were identified to be mobile payments and banking hacks, next-generation
heartbleed, advanced phishing attacks, cyber election fraud and risks related to cyber
insurance (Choucri, Madnick and Ferwerda 2014). In the year of 2017, the top five cyber
threats has been identified as nation-state cyber attacks, ransomware attacks, distributed-
denial-of-service attack, risks related to Internet of Things, Social Engineering and Human
Error (Choucri, Madnick and Ferwerda 2014). Therefore, it is evident from the statement
above that with the face of cyber threat changing rapidly each year, the list of top cyber
threats is also inconsistent.
However, some cyber threats are constantly bothering the cyber protectors for the last
few years. The magnitude of impact of the cyber threats depend on the type of business it is
affecting. In case of organisations dealing in airlines transport business such as the Emirates
Airlines, certain cyber threats are identified that can cause the most damage to the business of
the organisation. Five greatest cyber threats to organisations like Emirates are as given below.
2.1. Ransomware Attack
The most damage that can be caused to organisations like Emirates Airline is through
coordinating a successful ransomware attack. A ransomware is a sort of malware that is
designed specifically to prevent access of a user to a computer and demand ransoms in
exchange of restoring the system to its previous state (Pathak and Nanded 2016). Most of the
airline manufacturing organisations supply completely digitally equipped advanced airlines
nowadays. Therefore, all of the airlines that are used by Emirates Airlines are digitally
equipped that are used by the pilots to control the aircraft as well as establish contact with the
Air Traffic Control (ATC) of the airfields (Brewer 2016). Now if a ransomware attack is
coordinated on the organisation that prevents the pilots to communicate with the ATC while

5CYBER THREAT ASSESSMENT FOR EMIRATES AIRLINE
landing or taking off from the airfield or prevents them from controlling the aircraft, then the
craft can suffer massive accident that can cause large amount of life loss as well as financial
and reputational damage to the organisation.
2.2. Risks due to Internet of Things
The connectivity of all digital devices to the internet can sometimes prove to be fatal,
especially in aviation industries. All the devices that are used in an aviation industry from the
airlines to the offices of the organisation needs to stay connected with each other as
communication is vital in an aviation business (Jing et al. 2014). In case a cyber attack is
coordinated by releasing, a malware within the network to which all the devices are
connected that disrupt the communication among the offices and the aircrafts; it can raise
many issues from delay in services to compensating the affected passengers (Jing et al. 2014).
2.3. Phishing Attacks
A phishing attack is generally used to retrieve sensitive information from a system
that can be used for the benefit of the attacker in another instance. A phishing attack
coordinated on the data centres or systems of the organisation can retrieve sensitive official
information that can fuel criminal activities at a later instance (Hong 2012). The data may
contain details of the aircrafts that are presently used and their conditions and security
features that can be used by terrorist or criminal organisations to conduct criminal activities
such as hijacking the crafts. This can lead to huge financial loss to Emirates as well as may
endanger the lives of many passengers (Hong 2012).
2.4. DoS or DDoS attacks
The purpose of Denial of Service (DoS) and Distributed Denial of Service (DDoS)
attack is to deny a user to use the network services by flooding the network with repeated
requests and congesting the network traffic (Bhuyan et al. 2013). A DoS or DDoS attack can

6CYBER THREAT ASSESSMENT FOR EMIRATES AIRLINE
congest the network in which the organisation maintains communication among its other
departments. As a result, the communication will be disrupted within the organisation, which
may cause in several operational issues (Bhuyan et al. 2013).
2.5. Cyber Espionage
Cyber espionage is similar to the phishing attack as it also serves the purpose of
illegally obtaining confidential information from organisations or governments by using the
network (Lewis and Baker 2013). Such attacks can retrieve sensitive information of the
organisation like the details of the employees working in the organisation and their bank
account details, which can be used for causing potential damage to the organisation or its
people in terms of finance and reputation.
3. Methods of Mitigating the Threats
To mitigate the threats mentioned above the organisation needs to make certain
reforms to the current IT infrastructure as well as implement some new methods and
technologies for the same purpose.
Initially, the organisation need to use updated systems with latest operating system
and software that has lesser amount of bugs that can be exploited by malwares like
ransomware to breach the system and take control of the same (Hua and Bapna 2012).
The devices that are connected to a network need to have sophisticated security tools
implemented so that it becomes difficult for the hackers to gain entry to the devices easily.
This will mitigate the risks related to internet of things (Lewis and Baker 2013).
The network to which the systems are connected in the organisation needs to have
strong firewall incorporated, which will scan and detect any malicious package within the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7CYBER THREAT ASSESSMENT FOR EMIRATES AIRLINE
network and prevent it from entering any system. This will prevent attacks like phishing and
cyber espionage.
The Emirates can consider purchasing an enormous amount of bandwidth in the
network of the organisation, which will reduce the possibility of DoS or DDoS attacks
(Bhuyan et al. 2013). This is because, the more bandwidth the organisation have the more
difficult it will become for the attacker to congest all the network traffic at the same time. In
addition to this, the organisation can implement certain software services that provide
products that can detect DoS and DDoS attacks.
The Emirates can recruit third-party service providers who provide application suites
that help in providing complete risk management solutions along with detailed information
on the types of threats that can affect the organisation and their impact on the same (Hong
2012).
Finally, the organisation needs to train its employees with proper knowledge of
identifying the threats and what steps should be taken at the event of a cyber attack (Hua and
Bapna 2012). Employee awareness is vital to fighting the threats to cyber security in any
organisation. Sometimes, an attempt of cyber attack can be prevented by the timely action
taken by an employee who is well informed about the mode of the attack and its preventive
measures.
4. Suggestions to Secure the Information Assets of Emirates
The Emirates is an aviation industry that stores sensitive business information, which
if exposed to cyber attackers, can cause great financial and reputational damage to the
organisation. Some information can also fuel future criminal activities. That is why; the
protection of the information assets of the company is of utmost priority for safeguarding the

8CYBER THREAT ASSESSMENT FOR EMIRATES AIRLINE
interest of the same. Some measures can be taken to ensure the security of the information
assets as provided below:
 Primarily, the data that are stored in the local systems of the organisation need to be
protected with digital authentication methods such as with passwords and digital
signatures so that the data cannot be retrieved physically in absence of the legitimate user
of the system (Peltier 2013).
 The systems should also be equipped with latest and upgraded security software so that
the data cannot be collected remotely. The network must have strong firewall for the
same reason (Andress and Winterfeld 2013).
 Finally, the organisation must avail the services of a trusted cloud service provider to
store the data at remote logical storage systems that has advanced cyber defence
measures. Cloud storage is one of the most reliable methods of storing sensitive data
without running the risk of it being stolen, provided the service provider is legitimate
(Pathak and Nanded 2016). The data stored in cloud storage systems are protected with
advanced and updated security software and the network through which the data is
transferred to the cloud is encrypted with latest encryption technology. Moreover,
multiple backups of the data are created and stored in various remote locations, which
makes loss of data almost impossible.
5. Conclusion
The report reaches the conclusion that an aviation company like the Emirates needs to
defend their hard-earned reputation heavily from the cyber attackers whose actions can affect
it severely. To do so, the organisation needs to make certain changes as well as undertake
certain new measures to fight the threats to cyber security.

9CYBER THREAT ASSESSMENT FOR EMIRATES AIRLINE
6. References
Andress, J. and Winterfeld, S., 2013. Cyber warfare: techniques, tactics and tools for security
practitioners. Elsevier.
Bhuyan, M.H., Kashyap, H.J., Bhattacharyya, D.K. and Kalita, J.K., 2013. Detecting
distributed denial of service attacks: methods, tools and future directions. The Computer
Journal, 57(4), pp.537-556.
Brewer, R., 2016. Ransomware attacks: detection, prevention and cure. Network Security,
2016(9), pp.5-9.
Choucri, N., Madnick, S. and Ferwerda, J., 2014. Institutions for cyber security: International
responses and global imperatives. Information Technology for Development, 20(2), pp.96-
121.
Hong, J., 2012. The state of phishing attacks. Communications of the ACM, 55(1), pp.74-81.
Hua, J. and Bapna, S., 2012. How can we deter cyber terrorism?. Information Security
Journal: A Global Perspective, 21(2), pp.102-114.
Jing, Q., Vasilakos, A.V., Wan, J., Lu, J. and Qiu, D., 2014. Security of the internet of things:
Perspectives and challenges. Wireless Networks, 20(8), pp.2481-2501.
Lewis, J. and Baker, S., 2013. The economic impact of cybercrime and cyber espionage.
McAfee.
Pathak, D.P. and Nanded, Y.M., 2016. A dangerous trend of cybercrime: ransomware
growing challenge. International Journal of Advanced Research in Computer Engineering &
Technology (IJARCET) Volume, 5.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10CYBER THREAT ASSESSMENT FOR EMIRATES AIRLINE
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Robinson, N., Gribbon, L., Horvath, V. and Cox, K., 2013. Cyber-security threat
characterisation.
Singer, P.W. and Friedman, A., 2014. Cybersecurity: What Everyone Needs to Know. Oxford
University Press.