The information processed in every organization must be protected from unauthorized persons for various reasons, including leakage and misinterpretation. Organizations are also focusing on implementing best practices that secure the information they store for different purposes, such as prognosis or record keeping. The practices implemented to secure an organization's information are collectively called cybersecurity. In other words, cybersecurity can be defined as the technologies and processes designed to protect networks, computers, and data from unauthorized access and other attacks committed by cybercriminals. This presentation provides the most relevant information about cybersecurity and cybercriminals, and about how attacks can be mitigated to the lowest possible level.
Every organization, including governments, hospitals, financial institutions and the military, collects a huge amount of confidential information for its own processing and also transfers that information over networks. As the amount of information grows, attention turns to the increasingly sophisticated attacks on it, which in turn drives better information security practices in every organization. Information is secured not only by implementing technologies but also by physical security that prevents unauthorized persons from gaining access to the hardware holding the confidential information (Center, 2011) (KNEELAND, 2014). Evolving security risks are the most alarming aspect of cybersecurity: each new attack method requires the development and implementation of new security practices capable of protecting the information. In simpler words, whenever a new security risk appears, a new security method is needed to stop that attack on the network and secure the organization's information, which must be protected at any cost.
To ensure complete protection of information through cybersecurity, it is important to understand the main concepts on which cybersecurity is founded. Understanding these systems and concepts supports better implementation of security practices and development of better security systems. These systems include frameworks, functions, and controls. Companies and organizations that already have a cybersecurity process can draw on the frameworks to improve their cybersecurity risk management program (KNEELAND, 2014); an organization with no existing security program can implement the frameworks to establish cybersecurity. Taking the NIST security framework as the reference, its cybersecurity functions and controls are organized into the following phases: identify, protect, detect, respond and recover.
The identify function requires the development of an organizational understanding that supports the management of cybersecurity risks to systems, data, capabilities, and assets. Identification is the most essential step because it leads to a better cybersecurity policy: if the threats were not identified, there would be no way to develop an appropriate security practice or to make effective use of the framework. During identification it is important to focus on the business context and on the resources that support critical functions, together with the related cybersecurity risks, so that the organization can concentrate on its business needs and risk management strategies. The categories associated with this function are risk assessment, risk management strategy, business environment, asset management and governance.
Cyber Security Controls
To implement cybersecurity, the controls in the organization must be identified, the most important being the identification of policies. The roles and responsibilities of each employee in the organization should also be identified properly (KNEELAND, 2014). Moreover, vulnerability assessments, the asset and application list, asset and application classification and network diagrams should be identified as well.
The protect function in a cybersecurity program ensures that the impact of a cybersecurity event can be limited and contained. The outcome categories in this function are information protection processes, maintenance, protective technology, awareness and training, access control and data security.
Cyber Security Controls
The most important element of protection against cybersecurity attacks is proper training of employees in the use of the organization's computer systems. They must be trained to know which types of applications they may install on their computer systems and which practices they must avoid on their work systems. Anti-virus programs should be kept updated, firewalls should be enabled at all times, and users should not have the authority to disable them. Logical access control should be enabled in the organization, and badges must be assigned to each employee.
The detect function in cybersecurity practice supports timely identification of a cybersecurity event. Some of the outcome categories of this function are security continuous monitoring, detection processes, and anomalies and events.
The controls that should be active for detection are logs, security information and event monitoring. There must also be intrusion detection that reports when someone is trying to gain unauthorized access to the system. Additional controls include alarms, alerts, rogue device detection and network performance monitoring.
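As an added example (not part of the original essay), the following Python code shows the simplest form of the log-based detection described above: a rule that reads authentication log lines and raises an alert when one source address produces repeated failed logins inside a short time window. The log lines are constructed samples in an assumed syslog-like format; the threshold and window are assumptions chosen for the demonstration, and a real monitor would tune them to its environment.

```python
"""Added example: a minimal log-monitoring rule that flags repeated failed logins
from one source inside a sliding time window. The log format, the threshold and
the window are assumptions made for this demonstration."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample log lines (format assumed for this example).
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:03 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:04 sshd: Accepted password for alice from 198.51.100.5
2024-03-01T09:00:06 sshd: Failed password for root from 203.0.113.7
2024-03-01T09:00:08 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:09 sshd: Failed password for bob from 198.51.100.5
2024-03-01T09:10:00 sshd: Failed password for admin from 203.0.113.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse_line(line):
    """Return (timestamp, result, user, source), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])


def detect_bruteforce(log_text, threshold=4, window=timedelta(minutes=1)):
    """Return a list of (source, timestamp) alerts, one each time a source reaches
    `threshold` failed logins within a sliding `window`."""
    recent = defaultdict(deque)  # source -> timestamps of its recent failures
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # unrelated or malformed line: ignore, do not crash the monitor
        ts, result, _user, src = parsed
        if result != "Failed":
            continue
        q = recent[src]
        q.append(ts)
        # Drop failures that have fallen outside the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append((src, ts))
            q.clear()  # reset so one burst produces one alert, not one per line
    return alerts


if __name__ == "__main__":
    for src, ts in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT {ts.isoformat()} repeated failed logins from {src}")
```

Run on the sample, the rule alerts once for 203.0.113.7 at 09:00:08 (four failures in under a minute) and stays quiet for 198.51.100.5, whose single failure is normal user behaviour; the later failure at 09:10:00 starts a fresh count because the earlier burst has aged out of the window.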
The respond function is very important during a cybersecurity event because it supports the ability to contain the event's impact. Examples of its outcomes are communication, analysis, response planning, mitigation and improvements (KNEELAND, 2014).
The controls in this area concern emergency response planning, intended to minimize the impact of the event and reduce the loss of information. It is mandatory to have an emergency response plan that can be executed at the time of a cybersecurity event. The plan also covers notifying the authorities about the event, initiating recovery, updating the response plan and preserving assets.
The recover function is implemented so that operations can be brought back to normal after a cyber-attack and its impact reduced. The outcomes of this function are recovery planning, improvements, and communication.
This requires planning alternatives that can mitigate loss at the time of a security event. The controls here are replace, rebuild or reset.
When considering the security of information, technology and security applications are usually taken to be the essential elements; however, this is not always true, because the servers holding that information must be secured physically as well. Physical security is essential because it prevents unauthorized people from reaching the server and thereby reaching the information. Physical security is therefore an integral and essential part of a cybersecurity program. It covers the security of server rooms, routers, dedicated computers, printers and all areas that store important and sensitive information (Center, 2011). Physical security can be implemented in the organization by developing policies for such secure areas and limiting access to only a few people, granted after a two-way authentication method.
An insider, as the name indicates, is an employee of the organization who has access to the organization's information: not necessarily all of it, but access to servers and the network. Such an insider can be a threat to the information, whether intentionally or unintentionally. Information accessed by an insider can easily be stolen or discarded while the security measures are ignored. This threat can be mitigated at different levels, starting with the development of policies governing each employee's access to information. In simple words, an employee should have access to information according to his designation or job description. Another way to mitigate the threat from an insider who might become part of information theft unintentionally is to train employees on how to use the organization's computers and which applications they should be using.
A strong password policy is needed in the organization, and it is critical for those who have access to sensitive information. Applications already exist that can break into the accounts of people who use weak passwords. The most commonly known password attack is the dictionary attack, which tries commonly used dictionary words to gain access to an account. Some employees build their passwords from names associated with their everyday life, such as family members' names, which are easy to guess. So it is important to select words that are hard to remember, because they are hard to guess as well. The threat posed by weak passwords can be mitigated by training employees on password selection and on keeping those passwords to themselves (Hoffman, 2013). Access by authorized persons only can be further ensured by introducing a two-way authentication process: even if someone guesses a password, he will not be able to access the account without the second password or authentication factor.
Employees who use social networking sites at work are also endangering information security, because they unintentionally leak company information. Besides company information, they also leak personal information on social media websites (Montalbano, 2010). Third-party applications integrated with Facebook, developed by small companies, can also be a threat to information. The best way to mitigate this risk is to disable access to social networking websites in the organization, so that employees are unable to provide hackers with a gateway into the company network.
Hackers try to gain access to computers and company networks by sending email containing malicious code. Individuals normally use these kinds of tactics to get into the user's email account; once the user opens the email, his computer can be compromised. Phishing can be mitigated by restricting the installation of applications that have access to incoming and outgoing email (Center, 2011). Organizations should install enterprise-level email security software that does not allow such emails to reach the user's inbox.
Removable media such as CDs, USB drives or external hard drives can cause malicious code to run on the organization's network and data if the systems are not protected by high-level security programs. To mitigate these risks, it is mandatory that organizations install security software that scans a device attached to a computer before it is opened. Another measure is to disable autorun on computer systems.
Application and Software:
All computers in an organization run a number of applications and software for different purposes, and some of them might be running older versions with a vulnerability that hackers can exploit to get into the organization's network. The best practice for stopping these attacks is to apply patches and keep software updated according to the application's manufacturer. This can be done with a robust patch management program that identifies vulnerable applications and updates them regularly.
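The identification step of such a patch management program comes down to comparing each installed version against the minimum version that carries the vendor's fix. As an added example (not the essay's own), the Python below does that comparison over a constructed inventory; the product names, versions and minimum-version table are placeholders, not real software. It also shows the two traps a naive string comparison falls into: "9.5.1" is older than "11.0.3", and "5.10" is newer than "5.2".

```python
"""Added example: identify applications running below their minimum patched
version. Inventory and minimum-version table are constructed placeholder data."""


def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))


def version_below(installed, minimum):
    """True if `installed` is older than `minimum`. Shorter tuples are padded with
    zeros so that '5.2' and '5.2.0' compare equal."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


# Minimum versions that carry the vendor's fixes (constructed placeholders).
MINIMUM_VERSIONS = {
    "example-webserver": "2.4.10",
    "example-pdfreader": "11.0.3",
    "example-archiver": "5.2",
}

# Constructed inventory: (hostname, product, installed version).
INVENTORY = [
    ("ws-01", "example-webserver", "2.4.9"),
    ("ws-02", "example-webserver", "2.4.10"),
    ("pc-17", "example-pdfreader", "9.5.1"),
    ("pc-18", "example-pdfreader", "11.0.3"),
    ("pc-19", "example-archiver", "5.10"),
    ("pc-20", "example-archiver", "5.2.0"),
    ("pc-21", "example-unknown", "1.0"),  # no minimum on record: cannot be assessed
]


def find_outdated(inventory, minimums):
    """Return (host, product, installed, minimum) for every entry below its minimum."""
    return [
        (host, product, installed, minimums[product])
        for host, product, installed in inventory
        if product in minimums and version_below(installed, minimums[product])
    ]


def find_unassessed(inventory, minimums):
    """Return entries whose product has no minimum version on record. These are a
    coverage gap in the program, not evidence that the host is patched."""
    return [entry for entry in inventory if entry[1] not in minimums]


if __name__ == "__main__":
    for host, product, installed, minimum in find_outdated(INVENTORY, MINIMUM_VERSIONS):
        print(f"{host}: {product} {installed} is below patched version {minimum}")
    for host, product, installed in find_unassessed(INVENTORY, MINIMUM_VERSIONS):
        print(f"{host}: {product} {installed} has no minimum version on record")
```

Reporting the unassessed hosts separately matters in practice: a product that is missing from the minimum-version table silently drops out of the outdated list, and a program that only prints the outdated list would never notice the gap.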
A zero-day attack is the most dangerous in nature and can leave computers and applications totally vulnerable. This kind of attack exploits a vulnerability in an application before the application's vendor knows about it or before the attack has spread. The best way for organizations to mitigate the risk of this attack is to hire a professional who can perform a thorough technical vulnerability assessment of applications, in order to ensure the security of the applications and the information. The other way to mitigate this attack and its risks is simply to wait for the vendor to release a patch for the application.
As the number of internet users grows every day, new markets open for companies and organizations to move into the internet market and focus on online business. However, the growing number of users is not the only point; the main thing is the darker side of this trend, the increasing threat to the security of the information flowing over the world's biggest network every second. The risk to cybersecurity is also growing exponentially, and the need to counter those threats is a new dimension for organizations to work on (Scout, 2015). The most commonly known cybersecurity threats are identity theft, credit card fraud, computer viruses, phishing, email spying and many more. Hackers mostly work in groups in order to disable the defense and intelligence capabilities of government agencies. Cybercriminals are a real threat to information security, as their only motive is to destroy information and cause harm to organizations, whether government or private. Some hackers make it a business: they steal sensitive information from a private organization and sell it to competitors. Hackers have developed themselves through the introduction of sophisticated attacks. Another reason for the increase in cyber-attacks by cybercriminals is that cybersecurity laws are implemented region by region rather than globally, which gives criminals a loophole through which they usually avoid punishment. Hackers might also be working with terrorist groups and may be part of a terrorist organization.
To secure information in the organization it is also important to focus on risk management, the continuous process of identifying, analyzing, evaluating, monitoring and controlling risks, together with the financial resources that help in fighting a cyber-attack. It means evaluating the cybersecurity procedures to get a view of how good the organization's security is, and whether it can resist a cyber-attack and secure the organization's sensitive information. Moreover, it allows the organization to foresee how it can make its security stronger so that information is better protected. Further, it helps in forming a security plan for the situation of a cyber-attack.
It is clear that cybersecurity is important for the security of information in an organization, and there are various methods by which these attacks can be prevented to some extent. Threats cannot be stopped completely, but certain steps can be taken to secure information to some extent. Installing anti-virus software on all computer systems in an organization is a good approach to fighting cyber-attacks, but that anti-virus software must be updated daily to add new virus definitions so that it can fight new attacks attempted on the computer systems (University, 2015). Another security practice organizations should focus on is upgrading the applications installed on computer systems, as this installs new patches that stop cyber-attacks and secure information. Employees using the internet in the organization must be well educated and trained about downloading files from websites, because such files may contain a Trojan or virus that could harm the computer system or the whole network in the organization.
Employees should be well aware of how to choose a password for their accounts and computer systems. This is only possible once employees are trained in password selection: they should build a password by combining letters, numbers and some special characters, which makes the password strong enough that it cannot be cracked easily (University, 2015). Even with these security practices in place, a cyber-attack may destroy the information, so a backup of the previous day must be available for restoration so that the loss of information is minimal. Daily backup is a good practice for countering such attacks and saving information, but the backup should be kept in a separate space or on separate storage media.
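The two password points made in this essay, rejecting guessable dictionary words and family names (the password paragraph earlier) and requiring a mix of letters, numbers and special characters (the paragraph just above), can be enforced by a single policy check. The Python below is an added example, not the essay's own material or any real product's policy engine: the blocklist is a constructed stand-in for a real dictionary and common-password list, the minimum length and the leetspeak substitutions are assumptions, and `personal_terms` is a hypothetical parameter through which a registration form would pass the user's own name or employer.

```python
"""Added example: a password policy check combining composition rules with a
dictionary / personal-name blocklist. Blocklist, minimum length and substitution
table are assumptions made for this demonstration."""
import re
import string

# Constructed sample of a dictionary, common-password and personal-name list.
BLOCKLIST = {"password", "welcome", "summer", "dragon", "letmein",
             "alice", "robert", "london", "company"}

# Reverse common substitutions so 'p@ssw0rd' is still recognised as 'password'.
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "!": "i"})


def normalize(password):
    """Lower-case the password and undo leetspeak before the dictionary check."""
    return password.lower().translate(LEET)


def contains_blocklisted(password, blocklist=BLOCKLIST, min_len=4):
    """Return the blocklisted word found inside the password, or None.
    Very short words are skipped so that e.g. 'a' does not match everything."""
    norm = normalize(password)
    for word in blocklist:
        if len(word) >= min_len and word in norm:
            return word
    return None


def check_password(password, min_length=12, personal_terms=(), blocklist=BLOCKLIST):
    """Return a list of policy violations; an empty list means the password passes.
    `personal_terms` (hypothetical parameter) holds words tied to the user, such as
    their name or employer, which the policy forbids as well."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    word = contains_blocklisted(password, blocklist | {t.lower() for t in personal_terms})
    if word:
        problems.append(f"contains guessable word '{word}'")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd2024!", "Smith1234!abcd", "xK7#mQ2v!pL9zR"):
        verdict = check_password(candidate, personal_terms=("Smith",))
        print(candidate, "->", "accepted" if not verdict else "; ".join(verdict))
```

The first candidate satisfies every composition rule and still fails, which is the point of the dictionary check: "P@ssw0rd2024!" has letters, digits and symbols but normalizes to a dictionary word, exactly the kind of password a dictionary attack with substitution rules tries first. The second fails on the user's own surname, and only the third, with no recognisable word in it, is accepted.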
As cyber-attacks are imminent, organizations should focus on how to stop those attacks or mitigate them to the greatest extent, so that the loss of information is minimized. Once a cyber-attack has hit the organization's information, the first thing to do is to check the security and business continuity plan so that the organization's processes can continue in a routine manner (Unit, 2015). The next step is to assess the incident, look at the damage the attack did to the organization, and plan for the future to help mitigate such attacks. Furthermore, it is mandatory to call the authorities, report the incident and establish a chain of custody.
The collection of evidence is very important in the investigation of a cyber-attack so that the perpetrator can be reached; for this reason an image of the affected system should be collected and preserved so that no further changes are made to the evidence (Unit, 2015). Employees should keep a record of all the steps taken during the collection of evidence and while continuing their activities. All recent backups of information, the time and place of the incident and what was affected should be recorded as well.
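Preserving the image "so that no further changes are made" and keeping a record of every handling step are, in practice, one mechanism: hash the image at acquisition, and have every later handover recompute the hash and append an entry to a chain-of-custody log. The Python below is an added example, not from the essay or from any forensic tool; the evidence identifier and the people named are placeholders, and the "image" is a constructed byte string standing in for a multi-gigabyte disk image file.

```python
"""Added example: hash an evidence image at acquisition and verify it at every
handover, recording each step in an append-only chain-of-custody log.
Evidence id, handlers and image contents are constructed placeholders."""
import hashlib
from datetime import datetime, timezone


def sha256_hex(data, chunk_size=1 << 16):
    """Hash bytes in chunks, as one would for an image file too large for memory."""
    h = hashlib.sha256()
    for i in range(0, len(data), chunk_size):
        h.update(data[i:i + chunk_size])
    return h.hexdigest()


class CustodyLog:
    """Append-only record of who handled the evidence, when, and what its hash was."""

    def __init__(self, evidence_id, image_bytes, collected_by, when=None):
        self.evidence_id = evidence_id
        self.reference_hash = sha256_hex(image_bytes)  # fixed at acquisition
        self.entries = []
        self._record("acquired", collected_by, self.reference_hash, when)

    def _record(self, action, person, digest, when):
        stamp = (when or datetime.now(timezone.utc)).isoformat()
        self.entries.append({
            "time": stamp, "action": action, "person": person, "sha256": digest,
            "intact": digest == self.reference_hash,
        })

    def transfer(self, image_bytes, from_person, to_person, when=None):
        """Record a handover. The receiver rehashes the copy they were given, so a
        tampered or corrupted image is caught at the step where it happened."""
        digest = sha256_hex(image_bytes)
        self._record(f"transfer {from_person} -> {to_person}", to_person, digest, when)
        return digest == self.reference_hash

    def is_intact(self):
        """True only if every recorded hash matches the acquisition hash."""
        return all(entry["intact"] for entry in self.entries)


def demo():
    """Constructed walk-through: a clean handover, then a corrupted copy."""
    image = b"constructed disk image contents " * 1000
    log = CustodyLog("EV-PLACEHOLDER-001", image, "analyst A")
    first_ok = log.transfer(image, "analyst A", "analyst B")
    corrupted = image[:-1] + b"X"  # one byte changed somewhere in the copy
    second_ok = log.transfer(corrupted, "analyst B", "analyst C")
    return first_ok, second_ok, log


if __name__ == "__main__":
    first_ok, second_ok, log = demo()
    for entry in log.entries:
        print(entry["time"], entry["action"], entry["sha256"][:16], "intact" if entry["intact"] else "MISMATCH")
    print("chain intact:", log.is_intact())
```

The log answers the two questions an investigator will be asked later: who had the image at each point in time, and whether the image examined is byte-for-byte the one that was acquired. A single changed byte anywhere in the copy flips the hash, so the mismatch is recorded against the specific handover at which it appeared.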
In case of cyber-attacks, law enforcement should play its role as a mediator with the news media by providing them the necessary information. Law enforcement must also be able to use its authority and tools to investigate the attacks and reach the attacker (PBS, Who are Hackers, 2014). Gathering forensic evidence and providing an incident response service are also responsibilities of the law enforcement authority.
A law passed in 2008, the Identity Theft Penalty Enforcement and Restitution Act, provides that anyone involved in identity theft will be punished with 5 years of imprisonment; if the identity theft is related to terrorist activity, the punishment is extended to 25 years of imprisonment. In case of computer fraud and abuse, the punishment is imprisonment of up to 20 years. In case of a counterfeit access device and computer fraud, the imprisonment may vary from 5 years to life (PBS, Who's Responsible? Computer Crime Laws, 2014). In the first such case, Morris, convicted in 1999, was punished with a sentence of 400 hours and a fine of $10,000.
The CSO plays a vital role in the security of information in the organization, as his purpose is to ensure that the organization's security functions are of great value and can secure the organization from cyber-attacks. He can also suggest new ways to enhance the security of information in order to mitigate those cyber-attacks. Another duty of the CSO is to identify the defense goals of the organization and build strong connections between its different departments. It is the responsibility of the CSO to improve security, achieve organizational goals and prioritize the budget for security in order to enhance it.
Cybersecurity is a vital factor for every organization that has to secure sensitive information, which may include information about employees and customers and must be protected at any cost. Security agencies have defined policies that can be implemented to mitigate these risks; however, employees also need training that teaches them the basics of how to use the organization's computers and keep information secure, so that they do not become part of information leakage from the organization, either intentionally or unintentionally.
Bucci, S. (2009, 6 12). The Confluence of Cyber Crime and Terrorism. Retrieved from Heritage: http://www.heritage.org/research/lecture/the-confluence-of-cyber-crime-and-terrorism
Center, P. T. (2011, 12). Data Security: Top Threats to Data Protection. Retrieved from Privacy Technical Assistance Center: http://ptac.ed.gov/sites/default/files/issue-brief-threats-to-your-data.pdf
Guerra, T. (2015). Roles & Responsibilities of a Chief Security Officer. Retrieved from Chron: http://work.chron.com/roles-responsibilities-chief-security-officer-19479.html
Hoffman, C. (2013, 10 10). 10 Important Computer Security Practices You Should Follow. Retrieved from How to Geek: http://www.howtogeek.com/173478/10-important-computer-security-practices-you-should-follow/
ILT. (2013, 4 24). Computer Fraud and Abuse Act (CFAA). Retrieved from Internet Law Treatise: https://ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_%28CFAA%29
KNEELAND, G. (2014). CONCEPTS IN CYBER SECURITY. Retrieved from Wisconsin Wastewater Operators' Association: https://www.wwoa.org/files/publishedpapers/2014/Conference/F3_KNEELAND_NIST_Framework.pdf
LaMance, K. (2016). Law Library: Cyber Crime. Retrieved from LegalMatch: http://www.legalmatch.com/law-library-cyber-crime.html
Management, S. K. (2014, 17 6). CyberSecurity’s Most Significant Threats. Retrieved from Slideshare: http://www.slideshare.net/markb677/cybersecuritys-most-significant-threats
Montalbano, E. (2010, 12 15). 5 Data Security Threats Facing Companies Today. Retrieved from Business Insider: http://www.businessinsider.com/5-data-security-threats-facing-companies-today-2010-10
Paganini, P. (2013, 11 1). The Impact of Cybercrime. Retrieved from Infosec Institute: http://resources.infosecinstitute.com/2013-impact-cybercrime/
PBS. (2014). Who are Hackers. Retrieved from Public Broadcasting Service: http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/notable.html#morrisworm
PBS. (2014). Who’s Responsible? Computer Crime Laws. Retrieved from Public Broadcasting Service: http://www.pbs.org/wgbh/pages/frontline/shows/hackers/blame/crimelaws.html
Scout, I. T. (2015). Cyber Crimes is a Growth Industry. Retrieved from Identity Theft Scout: http://www.identity-theft-scout.com/cyber-crimes.html
Unit, C. (2015, 4). Best Practices for Victim Response and Reporting of Cyber Incidents. Retrieved from Justice: https://www.justice.gov/sites/default/files/opa/speeches/attachments/2015/04/29/criminal_division_guidance_on_best_practices_for_victim_response_and_reporting_cyber_incidents.pdf
University, I. (2015, 8 25). Best practices for computer security. Retrieved from Indiana University: https://kb.iu.edu/d/akln#polp