Professional Skills: Cybersecurity Report for ABC Technologies

Verified

Added on  2023/03/21

|16
|3915
|28
Report
AI Summary
This report provides a comprehensive analysis of cybersecurity for ABC Technologies, an Australian company dealing with high-tech products and services. The report begins with an introduction to cybersecurity and its importance for the company, which has previously been targeted by cyberattacks. It identifies and explains three key security vulnerabilities within ABC Technologies' system, focusing on the Bring Your Own Device (BYOD) policy, Virtual Private Networks (VPNs), and the use of cloud storage. The report also lists and describes five different types of cyber threats that could affect the company, including ransomware, malware, social engineering, and phishing. Furthermore, it outlines the responsibilities of attackers and their techniques, and concludes with recommendations to protect both home and office environments from cyberattacks. The report aims to inform ABC Technologies about cybersecurity best practices and provides a foundation for improving its security posture. References are included for support.
Document Page
Running head: INFORMATION AND COMMUNICATION TECHNOLOGY
Professional Skills for Information and Communication Technology
Name of the Student
Name of the University
Author Note
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
1INFORMATION AND COMMUNICATION TECHNOLOGY
Table of Contents
Introduction................................................................................................................................2
What is Cybersecurity?..........................................................................................................3
Why is it important for ABC Technologies?.........................................................................5
Identification and explanation of 3 security vulnerabilities in the system for ABC
Technologies with proper justification taken from the research............................................6
Identification and listing of 5 different kinds of threats that might affect ABC Technologies
................................................................................................................................................8
Description of each of the threats with their capabilities of causing damages......................9
Responsibility of the attacks and the attacking techniques..................................................10
Recommendations to keep the home and office away from cyber-attacks..........................10
Conclusion................................................................................................................................11
References................................................................................................................................13
Document Page
2INFORMATION AND COMMUNICATION TECHNOLOGY
Introduction
The organization of ABC Technologies is and Australian company that has hired a
Security Consultant to help the organization and its employees for having a thorough
understanding about the company and its security system over the cyber world (Van Schaik
et al. 2017). The company is reported to be dealing with variant types of high-tech products,
including the likes of hardware and software products and services to the organization. The
organization has been found to be extremely technologically advanced with the features
offered to the employees and the customers via the utilization of the cyber world. The
organization has previously faced a situation where the company was once victimized by
several cyberattacks by malicious attackers. The company is at a constant concern about the
confidential data about the organization and this is why are looking forward to improve their
security system and security related problems so that they do not lose the trust of the
customers and further losing their reputation in the market.
This is why the following report has been devised or created to make sure that a
document is created about cybersecurity to train the staff in the organization about the basics
of cybersecurity. The following report would hence cover the basic ideas about cybersecurity
for the awareness of the employees, the identification of the security vulnerabilities of the
system in the organization and including the identification of the threats associated with the
organization and their feasibility of being treated with appropriate cybersecurity related
recommendations.
Document Page
3INFORMATION AND COMMUNICATION TECHNOLOGY
What is Cybersecurity?
Cybersecurity, in a simple form of definition, can be state as the protection that are
required for the systems connected via internet from cyberattacks, with the systems including
software, hardware and most importantly the data and information (Jones et al. 2019).
The concept of computing includes two distinctive security features, one being the
physical security of the computing devices and the other being the security of the devices
connected in the cyber world and communicating through the internet medium (Schatz,
Bashroush and Wall 2017). It has been found that both these forms of security are required in
individual use and in the organizations as well. The ways by which the protection against the
internet medium and the connecting devices is formulated with the protection devised against
the unethical access of data and computer systems. The information security is designed for
the maintenance of the confidentiality, availability and integration of the data, all forming the
subsets if the security of the devices in the cyber world.
However, cybersecurity is nothing that operates in a singlehanded way and the efforts
are not found to be implementing solely throughout (Graham, Olson and Howard 2016).
Cybersecurity ensures protection to the computing devices and the other features of the
utilization of the cyber world throughout the efforts ensured by the coordination of various
efforts at once from the start to the end of an information system. These can include the
following efforts to ensure proper security to the information system in the cyber world:
Application Security
Information Security
Network Security
Business Continuity Planning
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
4INFORMATION AND COMMUNICATION TECHNOLOGY
Disaster Recovery
End user education or spreading of awareness
Operational Security
Disaster Recovery
With so many solutions provided by cybersecurity systems to the computing devices
and the networks, it is also necessary that the organization also recognizes the problematic
nature of the facility as well. The primary problem that the organizations face every now and
then is the problems with cybersecurity imbibed because of the evolving nature of the
security risks (Kokkonen et al. 2016.). It has been found that the more the technology has
been making advances, it is becoming difficult for the cyber world to device regularly
evolving cyber security plans as the hackers are becoming much more advances and
sophisticated while hatching an attack plan and actually attacking the devices utilizing the
cyber world.
For example, the cyber security systems in the previous times used to focus on the
known threats and protected the essential devices and crucial system components (Trim and
Upton 2016). They did not focus much on the systems with less dangerous risks and thus
these systems were left undefended. This had the possibility or a potential for the cyber
criminals to utilize these undefended systems and devices and attack the systems.
There are various types of the cyber security threats that have been identified to be
developed keeping in mind about the new technologies and the emerging security trends as
well. It is a difficult process, but it is not at all impossible. The various forms of the
cybersecurity threats have been devised in order in the following section as per the protection
it provides to the information systems and the other assets from impending cyber threats:
Document Page
5INFORMATION AND COMMUNICATION TECHNOLOGY
Ransomware: This is a type of malware that is involved with the locking of
the computer systems files of an individual or an entire organization through
typical encryption forms by an attacker (Brewer 2016). Like the name
suggests, they can even ask for ransom in terms of a demanded payment. Only
after the payment, decryption and unlocking of the systems files might be
provided.
Malware: These come in the form of unsuspecting files and programs that is
used to harm a computer in the form of computer viruses, spyware, Trojan
horses and computer worms.
Social Engineering: This attack mostly relies on the human interactions that
are able to trick and individual for breaking into their security procedures and
for the gaining their trust into revealing the sensitive information that is mostly
kept under protection.
Phishing: This is a cyber-attack devised through various frauds contemplated
by fraudulent emails sent, which mostly resemble the emails from trusted
sources with the intention of stealing confidential and sensitive data including
the sensitive individual data about their credit card and login information.
Why is it important for ABC Technologies?
The organization of ABC technologies is an Australian technology that is and deals
with a varied range of high tech products that includes both hardware and software for the
customers of the company. It is quite a reputed company, for which the company is looking
forward to retain all the reputation it has gained so far by serving the customers (Norman
2016). Since, the organization mostly deals with the Information and Communication
Technologies, there is a possibility that it is vulnerable to the security systems.
Document Page
6INFORMATION AND COMMUNICATION TECHNOLOGY
There have been previous occurrences of malicious hackers found or reported that has
made the organization fall victim to several cyber-attacks. The functionality of the
organization demands that the company uses a Virtual Private Network or VPN to handle
multiple offices throughout the nation and also including two offices set up overseas. The
organization uses the VPN handled from the head office at Canberra and also allows their
employees their employees to work from home using the VPN connections (Haug et al.
2018). The company also has a BYOD or Bring Your Own Device Policy for the employees
working onsite. All the location of the organization allows the visitors or the customers with
the provision of free wireless LAN access.
They have 10,000 regular customers and all their information and product information
remain stored within the cloud. This is why, it looks forward to the implementation of the
improved security system for the organization so that any security problem to the
organization is identified and proper measures are applied to mitigate those security issues
(Safa, Von Solms and Furnell 2016). This would ensure that even if the organization was
attacked before and the information are stored within the cloud, the company would not face
another security attack and would retain their reputation.
Identification and explanation of 3 security vulnerabilities in the system for ABC
Technologies with proper justification taken from the research
The organization of ABC Technologies has various policies and business propagation
systems that ensures the day to day business activities contemplated with the utilization of the
cyber world. For various steps of the day to day business activities, the organization utilizes
the internet for almost every aspect of the organizational process. However, analysing all
these activities, there have been various security vulnerabilities identified in the systems of
the company. Out of these, three security vulnerabilities would be discussed as follows:
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7INFORMATION AND COMMUNICATION TECHNOLOGY
1. The security vulnerability issues with the Bring Your Own Device or BYOD Policy
There are innumerable security risks associated with the organization for introducing
the policy of BYOD or Bring Your Own Device in the organization of ABC Technologies
(Ganiyu and Jimoh 2018). This is because, there might be a possibility that not every
employee within the organization would understand the security policy or the risks associated
with the BYOD policy (Vignesh and Asha 2015). The most problematic issue noticed in this
case is that, the company does not provide information about the setting up of a BYOD
policy even. Therefore, it can occur that the employees in the organization does not
understand any proper method or legislative measures of protecting the devices of any
security attacks, making the entire organization be vulnerable to security risks (Tanimoto et
al. Kanai 2016). There may be other occurrences of the device being lost or stolen, utilization
of unsecure networks, and even unsecure transfer of data, making the company be open to
any cyber-attack.
2. The security vulnerabilities of Virtual Private Networks or VPN
VPN or the Virtual Private Networks have always been considered as a secured
system or mechanism that organizations can use for the transmission or transfer of secured
and sensitive data. It also ensures security for the client and server applications for the
employees within the organization handling the applications from remote locations (Sakkaf
and Baker 2018). The organization of ABC Technologies also have utilized the VPN
technology for employees working remotely or even for the employees working from home.
However, the company does not provide information about the SOX compliance mandates
that every organization needs to mandate so that the VPN remains secured, as there may be
situations, where the VPN can be victimized during the provision of protection to the
applications and servers. These mandates need to articulate the security policies within an
Document Page
8INFORMATION AND COMMUNICATION TECHNOLOGY
organization for the entities within the organization including the executives, the sales people
or even the customers who serve as the end users for the organization (Lospoto et al. 2015).
3. The security vulnerabilities of storing business information in Cloud environment
Cloud Storage has been rising in popularity since it has been found that it has been
extremely versatile for the utility of the business organizations and thus, the enterprises are
jumping onto the cloud bandwagon one after another (Lins, Schneider and Sunyaev 2016).
Like every other organization as well, ABC Technologies have also implemented the utility
of the cloud storage for its business and customer information storage. However, the
company has reported that they have been victimised by cyber criminals before and this is the
reason that they are fearing that the cloud implementation might again be victimising them.
Therefore, it is evident that they have ideas about the security vulnerabilities of the cloud
storage systems as well, but have not formulated any appropriate measures.
The cloud storage has numerous vulnerabilities to the systems, including the fact that
they do not assure the control over data while using a third-party file sharing service and the
privacy settings of the data go much beyond the capability of the organization to control
(Kozlovszky 2016). Again, there are a lot of chances for data leakage, the acts of snooping
and faulty management of the cryptographic keys.
Identification and listing of 5 different kinds of threats that might affect ABC
Technologies
Following would be the identification and listings of 5 of the varied kinds of the
threats that has the potential of attacking the ABC Technologies:
Network eavesdropping
Illegal invasion
Document Page
9INFORMATION AND COMMUNICATION TECHNOLOGY
Denial of Service Attacks
Virtualization Vulnerabilities
Ransomware Attacks
Description of each of the threats with their capabilities of causing damages
Network eavesdropping
This attack is regarded as an interception of private communication in real-time with
the help of phone calls, video conferences and even utilizations of software for remotely
controlling multiple workstation from remote locations (Si, Liu and Ma 2018). This threat has
the potential of extracting out data in real-time from the organizations.
Illegal invasion
As the name suggests, the threat of illegal invasion is the act of barging into the
computers or communicating devices of an individual or a company without any authority
(Wang 2017). This attack has the potential of stealing an individual or an entire organization
of its confidential and sensitive data.
Denial of Service Attacks
This is the kind of cyber-attack that makes a perpetrator makes a machine or a
network resource unavailable to the users, be an individual or a company (Yuan et al. 2016).
It is done to make the user of the particular system be unavailable temporarily or even disrupt
the services indefinitely from the hosts connected to the internet.
Virtualization Vulnerabilities
The attacks consisting of the virtualization vulnerabilities is something the ABC
Technologies are most vulnerable to as most of the business services are conducted virtually
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
10INFORMATION AND COMMUNICATION TECHNOLOGY
(Nagar and Suman 2016). They attack all the virtualization platforms make it difficult for
establishing a virtual communication or connectivity to the remote employees and the
organization.
Ransomware Attacks
Ransomware is also regarded as the malware attacks, only the difference being
preventing the users of using their systems and personal files (Everett 2016). The users would
only be allowed to access the system and the files again when a payment of a certain amount
of ransom is done to the attackers.
Responsibility of the attacks and the attacking techniques
The responsibility of the attacks for all the threats and vulnerabilities lies in the hands
of the executives and decision making bodies of the ABC Technologies. This is because;
when they had been planning the day to day activities for the business, they did not
implement any policy or system for the employees to follow through and make the business
processes a much secured one and the company would not be vulnerable to security attacks
from the cyber world (El Makkaoui et al. 2016).
Recommendations to keep the home and office away from cyber-attacks
Following are few recommendations provided to prevent the home and office systems
and processes in falling vulnerable to the cyber-attacks:
Regular backing up of data, followed by end of week, quarterly and yearly
server backups.
Securing the computers and other computing devices by setting up firewalls.
Document Page
11INFORMATION AND COMMUNICATION TECHNOLOGY
Monitoring and protecting the use of the computers and systems (Puthal et al.
2017).
Protecting the important information with encryption conversions.
Managing administrative passwords, changing all default passwords and
choosing strong passwords consisting of symbols, alphanumeric combinations
and digital signatures (Shih 2017).
Using span filters to reduce the amount of spam and reduce the occurrence of
phishing emails.
Educating the staff about being safe online and developing the essentially set
up business security policies.
Protecting the business and customer information.
Keep up with the information about the latest cyber security risks.
Conclusion
Therefore, in conclusion, it can be easily said in the end that the organization of ABC
Technologies have been presenting numerous examples of having security vulnerabilities
within the organization, which is why the organization has opted for a Security Consultant for
analysing the security vulnerabilities of the company and propose formulating measures for
the mitigation or eradication of all the security threats. The company has reported to be fallen
victim to security attacks before by malicious attackers and this is why the organization is
looking to an impermeable business system so that they company does not have to lose their
valuable information and make it difficult for the organization to retain their reputation. As
the organization has a regular customer base of about 10,000 people and the business have
been operating in overseas as well, they are not in the position to compromise their
reputation. As the Security Consultant team, the report created above identifies all the
chevron_up_icon
1 out of 16
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]