Cybersecurity Report for ICT205: Threats, Plans, and Training

Verified

Added on 2022/10/06

AI Summary

This report examines the critical aspects of cybersecurity for organizations, focusing on the threats faced in the digital age. It begins with an executive summary and introduction highlighting the increasing risks associated with internet-based business operations. The report identifies key vulnerabilities, including financial information, databases, and marketing strategies, emphasizing the dangers of weak password security and social engineering attacks like phishing and watering hole techniques. It stresses the importance of personal awareness among staff and outlines comprehensive security plans, including strong password creation, employee education on recognizing and avoiding threats, and implementing robust social engineering evasion strategies. The report also emphasizes the need for continuous staff training to address technological phobia and to ensure that employees are equipped to handle suspicious activities and protect themselves from potential attacks. The conclusion reinforces the importance of a proactive approach to cybersecurity, suggesting that organizations must invest in security measures and staff awareness to effectively mitigate risks and ensure the safety of their data and operations.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

CYBER SECURITY 1
Data Structure and Algorithms
By (Name)
Name of Class/Course
Professor Name
Name of School/University
City and State
Date

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

CYBER SECURITY 2
TABLE OF CONTENTS
Executive summary………………………………………….3
Introduction………………………………………………….3
Organization holdings at risk………………………………..4
Security threats to the organization………………………….5
Security plans………………………………………………..7
Training……………………………………………………...9
Conclusion…………………………………………………. 10
References…………………………...………………………11

CYBER SECURITY 3
Executive summary
This report discuses security threats that can be faced by the business organization, how
the organization can be protected from those security threats, coming up with a security plan to
secure the organization from attacks and other security issues and the training of the staffs on
how they can protect themselves from such security issues that they face on daily basis.
Introduction
Security over the internet has become a great issue and threat to any business that has
heavily invested on the internet to transact businesses. During this 21st century attacks over the
internet has really increased as every IT guy is taking hacking as profession yet is a crime. Any
organization that is willing to survive in this century it must have a secure network by making
sure they employ the best IT guys to protect them and as the saying go, the best guys to offer
security are always the best hackers and the same time the best programmers so your security
team must be highly experienced to compete with their fellow competitors out there.
Physical theft of information now is over as the attaches are using your internet to access
your vital information and use it to ruin your business completely. Nowadays when investing on
the physical security, network security is most important because many energies are required for
one to survive on the market without enough network security (Innes, A.C., Citrix Systems Inc,
2019).
This organization is facing serious issues that must be addressed with immediate effect
because failure to that can lead to a big loss to the organization. Lack of personal awareness on
the security when using the network, social engineering attackers, disaster recovery, business
continuity, poor password security and incident response.

CYBER SECURITY 4
a.)
Any organization that has deficient in security over the internet, most of their
holdings are always at risk as the attackers always target the organization most
fundamental holdings. The following holdings are at risk if this network is not secured
early enough.
i. Financial information.
Most of the attackers focus on the financial information to enable them to
steal and make many as is every attacker’s dream of becoming reach without
much struggle and this is their main target. When the attackers gain to these
financial information, they can manipulate anything in their favor and change
passwords of the systems used in the financial department and steal all the money
that might be available to the organizations Bank account.
ii. Database of the organization.
Organizations store their data in databases where they extract from when
they want to make any decision on the progress of the business. When the
network is not secure the database of the organization is at a very big risk as the
attackers can gain access it and control it fully leaving the users unknowing what
to do. When the hackers are in control of the database, they can all the
information and even sell it to the competitors of the organization and finally the
organization is likely to collapse because of stiff competition.
iii. Marketing information and strategies.
Information as many say is power and if the attackers manage to steal
some of your information from the organization, they automatically have the

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

CYBER SECURITY 5
power to auto do the organization in any way they want. Marketing information is
very key to the success of any organization as it is used to attract new customers
in to the organization to improve the revenue which is the main target of any
organization and is much targeted by the attackers. When they manage to
penetrate into the network, any computer that is connected to that network is
prone to attacks and the marketing department using that particular network they
cannot evade the threats in any way if the network is not secure.
b.)
Weak security passwords.
This organization is taking a very big risk over the network of having very poor password
on their network. Attackers always target these weak passwords. Any password that has numeric
digits only is considered to be a weak password as it is assumed to be easily memorized as one
types. Passwords with numeric and letters is considered to be medium in terms of the strength
while a strong password is considered to be one with numeric, letters and other symbols like
exclamation marks or @ in it. There is nothing that makes the worker of a hacker easier than
knowing a certain network has poor password security. Databases that are not well encrypted it is
very easy for the attackers to send an injection query that bypasses all the weak security in the
database and the attacker can do anything possible with the database as he or she has control
over the database.

CYBER SECURITY 6
Social engineering attacks.
This is a technique used by the attackers to trick users of a certain network or system to
give out their personal information which makes them prone to attacks and they are likely to risk
the organization well. The following are some of the engineering attacks that are used by the
attackers to target some users of the network.
i. Phishing. In this type of engineering attack, the attackers use prompt messages,
emails or URL that are not secure for them to provide their sensitive information like
usernames, identification numbers, and even their passwords. When the attackers afford to
get this information, the attackers can steal any information and use the information to access
the organization’s information via that user who provided his or her information
unknowingly of the consequences. People are using social media without such information
and they always come across such forms that ask them to provide their information like
emails and passwords and mostly they provide their emails with the exact password they use
to access the email by just being tricked to be offered a free service in the name of
subscribing to that site (Arachchilage, N.A.G., Love, S. and Beznosov, K., 2016).
ii. Watering hole. This is a technique used by the attackers and a vocabulary in cyber
security. The attackers inject codes on websites the targeted user used to visit, and the code
tricks the website and can access any information in that website to access the server and
database of that origination. Some websites offer free services and users always look for
cheap things and this makes them trapped and attacked easily. Some other sites are using
cookies to capture information from the staff in the organization and they use that
information to attack the organization cruelly.

CYBER SECURITY 7
Lack of personal awareness.
As they say on the normal physical security, security starts with oneself and for this to
happen, one must be aware of any insecurity in the network one is using or any suspicious
insecurity issues. Lacking awareness is really contributing to these minor attacks as the
attackers are taking that advantage to attack organizations. Most of the users of the network
are techno phobia and they are not keen on the network, opening suspicious emails is one of
the risks a user can do because that email may be from attackers which use them to attack the
network.
c.)
All the identified security issues and threats need to be addressed with immediate
effect for the organization to be on the save side. The following measures must be taken care
of to ensure the organization is secure from security attacks.
i. Creating strong passwords.
All the organizational users should have strong passwords which are very hard
for the attackers to guess. Things like job ID numbers should nit be used as passwords
as this is very easy for the attackers guess and use it to target the user and the
organization as well. Every user account must be well encrypted tome sure enough
security also. Passwords with numeric and letters combined with symbols are highly
recommended as they are very hard to guess even if you se the user typing it several
times.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

CYBER SECURITY 8
ii. Creating personal awareness.
All the users of the network should be notified and explained on the way these
attackers take advantage of their unawareness of how to use the internet. The
employees should be explained and well taught that not all emails are from genuine
senders and they should always delete them before opening them if they surely do not
recognize the sender of the email. Also, the users should not enter any sensitive
information on any pop up that come be it subscribing for a service as some have very
bad intentions. Finally, on the awareness, users of the network in this organization
should not click any link that looks suspicious because those links will lead them to
suspicious sites which are used by the attackers to attack the organization and attack
them also.
iii. Social engineering evasion.
The security team in the organization should make sure that the network has a
firewall to protect the organization and the its employees from attackers who daily
target them to gain access to the network and cause serious damage. These firewalls
always block those attacks which mostly come in terms of injected codes to gain
unauthorized access. The security system team should be on standby monitoring any
activity that happen on the network to be able to identify the attackers at an early
stage.
d.)
With inadequate or adequate security, the staff members of the organization is
good for them to gain some skills on how to encounter any suspicious activity that they

CYBER SECURITY 9
may face in their daily operations. Many of them who work outside ICT department
being techno phobia, it is good for them to be trained well to protect themselves from
attacks. The following are some of the awareness the staff should be aware of.
 They should not fill out any form with sensitive information that pops out in any
site. This always exposes them to risks that they can regret later.
 They should not at any cost open emails from unknown source as some may be
spy emails, spy emails are able to monitor keyboard keystrokes and send the
activity to the attackers of the organization which use that information to crack
the organization down.
 Their computers and mobile phones connected to the network should have trusted
antiviruses to protect them from any virus that maybe sent to spy their phones and
risk the organization as well.
 The staff is cautioned from connecting to public Wi-Fi anyhow because majority
of these public Wi-Fi are injected with viruses which are very risk to the security
of the network.
 The staff members are also discouraged from downloading free software that are
available on the internet as some of these software are nit made with good
intention but for hacking purposes. Hackers know very well that the society
always love free things and they invest heavily on the same to win in hacking.
 Cookies are making the attackers win many organizations as some are intergraded
with viruses to enable the attackers see the organization they are targeting easily.
So, the staff members should highly be discouraged from accepting and coolies
anyhow in any site to reduce the risk of being attacked.

CYBER SECURITY 10
Conclusion
Security being very key in any organization that is online it must heavily invest in
security to ensure all their information is secure. When this organization focuses on all
the discussed issues mostly on how to curb security issues identified, the attackers would
not be able to hack the organization. The staff members should also follow the awareness
issues highlighted on the training session as this will in big percentage protect the
organization because mostly staffs are the one who exposes an organization
unknowingly. With all the discussed issues followed keenly, the organization will be very
safe from any attacks.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

CYBER SECURITY 11
References
Innes, A.C., Citrix Systems Inc, 2019. Securing network activity managed by operating systems.
U.S. Patent Application 10/277,578.
Arachchilage, N.A.G., Love, S. and Beznosov, K., 2016. Phishing threat avoidance behaviour:
An empirical investigation. Computers in Human Behavior, 60, pp.185-197.