Cyber protection refers to the whole mechanism that is intended to protect an information system from foreign intrusions such as threats and unauthorized access that could harm or reveal the information of a specific entity. In some circles, computer protection is often referred to as information security; thus, for the purposes of this article, the two terms are used interchangeably. Cyber defense was not always as complex as it is today. The change is attributed to the increasing number of cyber criminals who are devising new techniques to wreak havoc on the information infrastructure of numerous organisations. The government, private individuals and organizations alike have been victims of cyber attacks at one point of their existence. This has prompted IT experts to devise concrete strategies to counter the attacks through information security. There are some key concepts that underpin cyber security and usually serve as the building blocks that an organization can utilize in its operational strategy to protect its information systems. These elements are as follows:
1. Formulating a Cybersecurity Strategy and Framework
Every organization needs to have a tailor-made system that is enshrined in all its components. This system needs to complement the type of data being protected. The security analysts need to be aware of the possible cyber risks that face a specific organization in order to put up an appropriate framework or have a counter strategy that might prevent or mitigate the impact of the risk. The security analyst who is setting up a cyber security framework needs to be conversant with the standards and guidelines that are required for the specific entity, to avoid putting in place a rudimentary system that would leave the organization vulnerable to all sorts of attacks.
In order to ensure that the information system is adequately protected, there needs to be an effective team of people that are specifically tasked with managing the cyber security framework. These personnel need to be conversant with the various risks and need to be in a position to advise the organization on the best practices to maintain a healthy information system. The governance aspect in information security enhances accountability and provides an oversight function that ensures that the framework is performing up to the requisite standards.
3. Risk and Control Assessment
Cyber security is also concerned with the process of identifying the various activities, processes or services that are utilized by an organization and evaluating their likelihood of attack. As soon as the risks are analyzed, various safeguards need to be put in place to control them. While conducting the risk assessments, cyber security analysts need to try and get into the mind of a cyber criminal in order to develop an effective strategy.
Information security relies greatly on effective monitoring that can promptly detect any possible threats to an information system. This threat detection process needs to be real time since hackers and other cyber criminals often strike when we least expect it. Monitoring also ensures the relevant officials are able to discern any flaws in the system in order to act upon them. Monitoring is an oversight function and it is advisable that the people who put up the security framework should not be the ones undertaking it.
An effective cyber security system needs to give the concerned parties the opportunity to react to the threats that an organization has been exposed to. It would be counterproductive if the framework put in place does not respond appropriately to cyber attacks. Cyber security is therefore required to ensure that threats are dealt with in an expeditious manner. The threat also needs to be effectively contained and the relevant stakeholders within the organization notified.
In the unlikely event that the information system has been breached, cyber security needs to ensure that the relevant information within the system can be recovered and thereafter reinstated in its earlier format. The information system is also required to decipher the cause of the breach and eliminate any threats that could have remained after the incident.
7. Information Sharing
The sharing of knowledge between the relevant parties in an organization is important in cyber security. The security analysts that man an information system need to liaise with both internal and external parties in order to find the best methods of countering the cyber threats. Internally, the analysts can advise the rest of the members of an organization how to avert any imminent cyber security threats by using antivirus, virtual private networks or specific credentials. Externally, the cyber security experts can expand their scope of knowledge by studying or being part of forums that discuss the best practices in combating cyber crimes.
8. Continuous learning
Due to the fact that cyber crime keeps on evolving with each passing day, there is a need to ensure that cyber security experts keep abreast with these changes by gaining more knowledge in order to deal with the threats. Continuous learning also ensures that the agents in charge of information security learn the best practices and standards that need to be adhered to in combating cyber crimes.
Significant Threats to Data
The data that is stored by our organization is constantly under numerous threats. These threats expose the entity’s confidential information to public scrutiny which is likely to affect the fiduciary relationship that we have with our customers. Some of the threats that our organization faces include:
1. Being in Possession of Technology That has Weak Security
Our organization boasts of being tech-savvy, and our technicians are always on the lookout to ensure that we keep up with the latest gadgets. These devices usually include the latest laptops, phones, smart watches and other ‘smart gadgets’. As much as these devices enhance the ease of doing things, they expose the individuals and the company to numerous threats. Cyber criminals might not be able to breach the information system within the company but can use the employees’ personal devices to perpetrate their activities. This is usually due to the fact that most of these ‘smart gadgets’ have unsecured connections which can be tapped.
2. Social Media Attacks
The latest trend that cyber criminals are exploiting is the use of social media. This is due to the fact that these platforms caused a frenzy in the World Wide Web and almost everyone is currently a member of at least one of the sites that are available. The threat that is employed is referred to as water holing. Here the cyber criminals pick out a number of company websites, manipulate them and post the links on social media using .CAB or .JAR files. The customers who are interested in an organization would be duped into believing that they are visiting the websites of the entities, since they look almost the same, and they risk exposing their information to hackers. An example of the malware that is used to manipulate the websites is known as the Gh0st RAT.
3. Third-party Entry
Due to the fact that most attackers are aware of the efforts that organizations have put in place to protect themselves from imminent threats, they usually devise alternative ways of drawing some of the organizations to them instead. This is usually done through third-party entry points. One of the classic examples is the use of poster children: in the event that a prominent person seeks to make a donation, their credentials are phished and used either to acquire information or commit other criminal activities.
4. Neglecting Proper Configuration
Although as an organization we have invested so much in procuring the latest cyber security technology, it has not been very efficient in countering the breach in our information system. This is due to the fact that the system has not been configured appropriately to effectively protect the company’s information. One of the things I have noticed is that our organization only makes use of one of the several security options that are available.
5. Outdated Security Software
As an organization, we have been vulnerable to threats even though we have put in place a cyber security framework. This is due to the fact that our security system has not been updated to incorporate the latest threat databases. This, in turn, meant that new threats would not be detected by the system and would damage the information system.
6. Lack of Encryption
The information that we handle as an organization is very sensitive since it relates to the government and other entities. Therefore we need to go an extra mile to ensure that it is adequately protected. This might involve the encryption of some of the information, so that it does not make any logical sense to another person without being decoded using some special software. Lack of encryption has led to the leaking of confidential information that has the effect of tainting the image of an organization.
7. Possession of Corporate Information on Personal Devices
The trends in the corporate field have been changing to improve service delivery. One of these changes has been the use of smartphones that ease the modes of communication and knowledge sharing. Some entities such as CSS International go further to provide smartphones to their employees to ensure that they are available when needed. These phones sometimes contain sensitive company information which is rather easy to access. This leaves our organization’s data vulnerable to attacks.
Impact of Cyber Criminals
Cyber criminals are the perpetrators that plot and execute the threats that affect an information system in a given organization. They are very dangerous people that cause havoc to every organization and our organization, CCS International, is no exception. These criminals affect the economic aspect of our organization since we have lost a considerable amount of company resources. They also affect the general reputation of our organization to the general public. Our credibility before our customers and stakeholders is often tainted and it results in the loss of trust. Courtesy of the actions of the cyber criminals, some crucial business information and intellectual property such as patents or trade secrets might be lost or made public. Information of this nature might be used by the competitors and lead to tremendous losses. The breach of our information system and the subsequent leakage of some of our information would affect the price of our stocks and lead to a reduction in sales since they are likely to create a buzz in the country and the world at large. This is due to the nature of the information that we handle. Finally, the threats that are released have an effect on the information framework that had been put in place and it might cost us a considerable amount of funds to reinstate it.
Risk management is the process by which the various threats to an organization are first identified, assessed and subsequently placed in order of priority. The resources within an organization are in turn utilized in a cost-effective way to ensure that they give an optimum performance. Risk management further entails determining the chances of a threat occurrence in an organization and the possible impact the threat would have. The risk management process occurs through nine steps that are crucial to the protection of data and infrastructure in an organization.
The first step in the risk management process is the system characterization. This process generally helps to give an overview of the strategies that will be initiated in an information security system. In other words, this is the backbone of the entire data protection process in any given entity. System characterization further delineates the limits of the system that will be put in place and the specific information and resources allocated. The various personnel that will be in charge of handling the cyber security will be highlighted and their specific functions will be stipulated. This step also helps in the protection of data since it helps in the acquisition of information that succinctly describes the risk.
The second step is the threat identification. This process enables the concerned parties to discern the likelihood of being vulnerable to various risks. This is an important function in information protection since it ensures that the cyber security agents are able to know the specific ways in which threats originate and gives them the opportunity to formulate preventive or mitigation measures.
The third step is the vulnerability identification. This process ensures that the potential loopholes in the information system are identified before they can be exploited by the cybercriminals. To clearly explain this point, one should think of a potential threat source as a group of retrenched employees in an organization. The vulnerability of the organization would be the non-removal of the credentials of the retrenched employees from the system. It is, therefore, necessary to be aware of the vulnerability in an organization and act upon it promptly.
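The vulnerability in this illustration, credentials of retrenched employees left in the system, can be found by reconciling an HR separation list against the account directory. The following Python sketch is an added example and not part of the original article; the CSV layouts, usernames and the function name find_orphaned_accounts are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data (hypothetical names and field layout).
HR_SEPARATIONS = """employee_id,username,separation_date
1001,A.Mwangi,2024-03-01
1002,b.chen,2024-03-15
1003,c.okoro,2024-04-30
"""

DIRECTORY_ACCOUNTS = """username,enabled,last_login
a.mwangi,true,2024-03-09
b.chen,false,2024-03-14
c.okoro,true,2024-04-12
d.silva,true,2024-04-20
"""


def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def find_orphaned_accounts(hr_csv, directory_csv, as_of):
    """Return separated employees whose accounts are still enabled on as_of."""
    # Usernames are normalised because HR and IT records often differ in case.
    separated = {
        r["username"].strip().lower(): date.fromisoformat(r["separation_date"])
        for r in _rows(hr_csv)
    }
    findings = []
    for acct in _rows(directory_csv):
        user = acct["username"].strip().lower()
        left_on = separated.get(user)
        if left_on is None or left_on > as_of:
            continue  # current employee, or separation has not happened yet
        if acct["enabled"].strip().lower() != "true":
            continue  # account was disabled as expected
        last = acct["last_login"].strip()
        last_login = date.fromisoformat(last) if last else None
        findings.append({
            "username": user,
            "days_exposed": (as_of - left_on).days,
            "used_after_separation": bool(last_login and last_login > left_on),
        })
    # Accounts actually used after separation come first, then longest exposure.
    return sorted(findings,
                  key=lambda f: (not f["used_after_separation"], -f["days_exposed"]))


if __name__ == "__main__":
    for finding in find_orphaned_accounts(HR_SEPARATIONS, DIRECTORY_ACCOUNTS,
                                          date(2024, 4, 15)):
        print(finding)
```

Accounts flagged with used_after_separation set deserve review of what was accessed, not only disabling.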
The fourth process is the control analysis. This risk management step ensures that the safeguards that have been put in place are adequate to mitigate the vulnerability of an information system. The likelihood determination is the fifth process that will help protect data since it classifies the levels of vulnerability of a given threat and therefore enables the cyber security agents to know the amount of resources or effort to utilize. In order to safeguard the information system, the risk management process evaluates the impact of the threats to a given system. The fifth step is the risk determination and this is particularly important to ascertain the magnitude of the risk in order to determine the necessary actions that need to be taken.
Control recommendation is the eighth step in the risk management process. This will ensure that the intensity of the risk in an information system is brought down by a considerable margin. The final step is the results documentation. This enables the assessment that has been conducted to be reduced to writing in order to help the management to make relevant decisions concerning the security of an organization’s information system.
Recommendations from the Computer Security Best Practices
In order to mitigate the effects of cyber crime, a number of computer security best practices have been put forth. In order to protect our IT assets, I would recommend that CCS International implements either BS7799 or ISO 27001, which are some of the cybersecurity standards being used in the world currently. The organization could also utilize Data Loss Prevention tools to back up and also monitor the information that circulates within a system. In order to protect the IT assets from attacks such as Distributed Denial of Service (DDoS) attacks that use trojans, the organization needs to reduce the time allocated for the sessions to the bare minimum. Another recommendation would be that the organization needs to tailor its information security system in order to give an optimum performance. Finally, all the members of an organization need to be aware of the ramifications of cyber crime and need to ensure that they take reasonable care while handling the information relating to the organization.
Course of Action after being a Victim of a Cyber Crime
In the unlikely event that our organization becomes a victim of cyber crime, I would ensure that I file an official complaint with the relevant security agency that is tasked with crime enforcement in order for elaborate investigations to be conducted. The types of evidence that I would adduce include a copy of the manipulated information, server logs, details of the target network and finally a preliminary list of potential suspects. The law enforcement agents would be able to verify the authenticity of the claim that I have put forth and thereafter they would conduct an investigation before deciding whether or not there is substantive proof that links the offense to the potential suspects that I have given.
Legal Framework Outlawing Cyber Crimes
The exponential growth in the internet-sphere has brought an increase in cyber crimes. The government has been committed and relentless in its quest to curtail this vice that deters the perpetuity of trade relations. This has prompted the government to enact a number of pieces of legislation at the federal and state level to protect organizations from cyber attacks. At the federal level, 18 U.S. Code § 1029 – Fraud and related activity in connection with access devices was put in place to outlaw the use of various devices for fraudulent purposes, and it imposes various punitive measures on the persons who are found guilty of the specified offenses. At the state level, similar legislation has been put in place. For example, Arizona has its own statutes that deal with cyber crimes such as A.R.S. § 13-2316 Computer tampering. This statute safeguards internet users from hackers and phishers. A classic example of a cyber crime case was when Deje S. Silas and Elton Lee Flenaugh were convicted by a court in Atlanta, Georgia. The police had apprehended the two at the airport after they were frisked and found with almost 100 credit cards with fraudulent identities. The importance of this case is that it states that very thorough investigations need to be carried out in order to link the crime to the alleged offender.
Requirements from CSO in Order to Protect the Organization
The CSO needs to accord me all the support I might require in order to help her perform the task of protecting our organization from cyber attacks. This support involves getting the requisite authority to monitor and recommend the appropriate solutions to our information security system. She should also share some of the credentials needed that might be beyond my clearance level in order to best undertake my duties. Finally, the new CSO needs to take into consideration some of the policy recommendations that I give since I have a better knowledge in information security.