Table of Contents
Project Objective
Project Scope
Cyber security challenges faced by businesses
Following are the cyber security challenges faced by businesses
Phishing attacks
Network Probes
Brute force cracking
Malware and Ransomware
SQL injection attacks
“Man in the Middle” (MITM) Attacks
Denial-of-Service (DoS) Attacks
Cyber security has become essential to the existence and operation of any business. The primary objective of cyber security is to protect and safeguard the information of a business. With constantly changing and advancing technologies and easy internet access across the globe, networks are open and businesses are accessible to a large population, which includes intruders who can gain unauthorized access to vital information and steal, alter or destroy it. This project introduces all possible vulnerabilities that businesses are susceptible to in an operational business framework. It also highlights the increased dependency of businesses on cyber security to safeguard their data and operations (Wang, 2017).
The objective of this project is the examination and in-depth study of all possible and potential causes of, and challenges pertaining to, cyber security that businesses face. The project also covers the ways in which malicious threats are likely to affect and hinder the operations of businesses, and the ways in which businesses should cope with these major cyber security breaches and threats (Cleveland, 2017).
Studies and research have revealed an exponential rise in incidents of cyber vandalism and in the loss, theft or damage of vital information, which has severely harmed businesses.
For instance, according to the survey conducted in 2004 by the Computer Security Institute, incidents of vandalism and crime were recorded as high as 49 percent within a time span of 1 year. As a result, these organizations recorded significant financial losses of more than 141 million dollars in 2004.
In 2015, incidents of cyber fraud and crime were recorded at around 54 percent.
In 2015, Symantec reportedly blocked nearly 100 million fake technical support scams for the safety of users as well as businesses (symantec, 2017).
A phishing attack is a type of security breach in which a cyber vandal most commonly assumes the fraudulent form of a business and tries to lure users into divulging confidential or important personal information. In other words, a phishing attack occurs when an attacker falsely claims to be someone else, for example by assuming the identity of a genuine, sought-after or large business entity, and tricks the users. Phishing can be easily detected because the fraudulent sites are usually slightly misspelt or are a close mock-up of the genuine website (Researchgate, 2017).
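The misspelt or mocked-up names described above can be checked mechanically. The following is an added example, not part of the original report: it compares a hostname with a list of trusted domains using edit distance and common character substitutions. The trusted list, the threshold and the function names are assumptions made for illustration.

```python
# Added example: flag hostnames that imitate a trusted domain.
# TRUSTED and every hostname used with this code are constructed.
TRUSTED = ("example-bank.com", "examplepay.com")

# Digits commonly substituted for look-alike letters.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(host):
    """Lower-case the name and undo common character substitutions."""
    return host.strip().lower().rstrip(".").translate(HOMOGLYPHS)


def edit_distance(a, b):
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host, max_distance=2):
    """Return (verdict, matched trusted domain or None)."""
    h = host.strip().lower().rstrip(".")
    for good in TRUSTED:
        if h == good or h.endswith("." + good):
            return ("trusted", good)
    for good in TRUSTED:
        # Trusted name used as leading labels of some other domain.
        if h.startswith(good + ".") or ("." + good + ".") in h:
            return ("lookalike", good)
        # Misspelling or character substitution within a small edit distance.
        if edit_distance(skeleton(h), skeleton(good)) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)
```

A verdict of `unknown` only means the name does not resemble a listed domain; it says nothing about whether the site is safe.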
Phishing incidents include the following:
The following diagram illustrates spear phishing, a version of the phishing cyber attack.
A network probe is a type of cyber security threat that involves deliberate acts or constant attempts aimed at gaining unauthorized access to the information in the systems of a business, where access would otherwise have been restricted. This is typically done by attempting to find a weak point in the system. This kind of security attack signifies that the systems are being probed and monitored closely by an attacker with the help of a network monitor, which is commonly used in this configuration to monitor real-time traffic on the network (Ist.mit, 2017).
For instance, there is evidence to suggest that the Russian parliament is probing the U.S. outlets, which suggests a form of network probing.
In this type of cyber security attack, a cyber criminal such as an application programmer employs a technique to hack systems and get access to the restricted, confidential data of businesses. The technique is commonly a trial-and-error method characterized by the decoding of encrypted data. Data such as account details, bank details, employee records, personal information and account passwords is commonly decrypted by cyber criminals using Data Encryption Standard keys. This takes place as follows: the attacker tries continuously to crack the password by guessing it again and again until he finally gets it right.
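Repeated guessing of this kind leaves a run of failed logins in the authentication log. The following is an added example, not part of the original report, that counts failures in a sliding time window per source address and per target account. The log format, threshold, window and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log; format and addresses are illustrative.
SAMPLE_LOG = """\
2017-08-20T10:00:01 FAIL user=alice src=203.0.113.7
2017-08-20T10:00:03 FAIL user=alice src=203.0.113.7
2017-08-20T10:00:04 FAIL user=bob src=198.51.100.4
2017-08-20T10:00:06 FAIL user=alice src=203.0.113.7
2017-08-20T10:00:08 FAIL user=alice src=203.0.113.7
2017-08-20T10:00:09 FAIL user=alice src=203.0.113.7
2017-08-20T10:03:30 FAIL user=bob src=198.51.100.4
2017-08-20T10:03:41 OK user=bob src=198.51.100.4
"""


def detect_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {(kind, value): time of first alert} for any source address or
    target account with `threshold` failed logins inside `window`."""
    recent = defaultdict(deque)   # key -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[1] != "FAIL":
            continue              # skip blanks, successes and malformed lines
        ts = datetime.fromisoformat(fields[0])
        user = fields[2].partition("=")[2]
        src = fields[3].partition("=")[2]
        # Track both dimensions: one source trying many accounts, and one
        # account being guessed from many sources.
        for key in (("src", src), ("user", user)):
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()       # drop failures older than the window
            if len(q) >= threshold:
                alerts.setdefault(key, ts)
    return alerts
```

An alert from this check is the natural trigger for a temporary lockout or an added delay on the affected account or address.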
Recent incidents of brute force cracking include the following:
Malware is a type of cyber security threat that infiltrates the user’s system and can cause damage to the systems of the business without any awareness on the part of the user or the business.
Malware and ransomware contain malicious content such as worms, adware, viruses and trojans, which are deliberately designed and introduced by a cyber attacker to ruin, alter or steal the sensitive data of businesses. This is most commonly achieved by enclosing the malicious content in email attachments. When a user clicks on these emails without knowing the nature of the attachments, the content is injected into the systems, disrupting the operational efficiency of the business (US-Cert, 2017).
Prevention of malware:
Businesses can safeguard their sensitive data from this kind of cyber attack by verifying the source of the emails they receive and by not opening attachments that look suspicious or emails that do not come from a secure source or sender. Continually updating security semantics, installing anti-virus software and regularly updating firewalls also help in coping with ransomware and malware.
All crucial data and figures of a business are typically kept on a server. In other words, the server is a central repository of all the vital data of a business. Therefore, in order to disrupt business operations, cyber vandals most commonly take advantage of implementation shortcomings of the Structured Query Language (SQL), which is used to manage all the data stored in the databases on the servers.
In this kind of cyber security breach, the attacker uses SQL limitations to his advantage and interferes with the security mechanism, which helps him gain unauthorized access to the servers that contain all the confidential and restricted information. This is achieved as follows: the attacker plans and programs the server by running certain SQL code and snippets that cause the server to grant access to all the information that was kept restricted and confidential (Microsoft, 2017).
For instance, Symantec reported the presence of Team GhostShell in 2015. Symantec claims that this team is said to have targeted and successfully hacked numerous websites by injecting SQL snippets of code into the websites and stealing important information, causing huge losses to businesses.
Man-in-the-middle attacks are another popular form of cyber security challenge that has plagued businesses. In this type of attack, the cyber criminal obtains central control and mediates the communications and data transfers between two communicating parties over a network. In a typical man-in-the-middle attack, the cyber criminal performs an act of eavesdropping: he deliberately interjects himself as a proxy in real-time transactions between the user and the server and elicits sensitive data from both communicating parties. For instance, the attacker elicits banking and credit card details from the user and steals this information for his own use without the knowledge of either of the communicating parties.
In a denial-of-service attack, the intruder or cyber attacker floods the server with multiple requests and blocks the entire network. This leads to congestion on the network, failure to transmit or receive packets, or the network becoming unavailable for any kind of service altogether. The attacker overloads the server in such a manner that even legitimate users are prevented from getting access to the network or its related services. Such interference triggers a denial of service, which in turn disrupts the business practices of organizations by hampering all automated services that are heavily reliant on the server and network (learncryptography, 2017).
Various kinds of research can be done on cyber security. One article describes a survey conducted on smart grid communications.
A smart grid is a new form of electricity network with high-fidelity power-flow control, self-healing, energy reliability and energy security, using digital communications and control technology. Upgrading an existing power grid into a smart grid requires significant dependence on intelligent and secure communication infrastructures. It requires security frameworks for distributed communications, pervasive computing and sensing technologies in the smart grid.
Many of the current communication technologies have recommended using the smart grid, which would help them to prevent cyber threats. The power industry integrates communication networks with electrical distribution to form information as well as to ensure an optimum flow of infrastructure and two-directional power.
The integration moves automation systems from outdated, proprietary technology to advanced communication technologies. Apart from this, it also changes the closed power control systems to the public data network.
By adding significant new functionality, distributed intelligence, and state-of-the-art communication capabilities to the power grid, the smart grid infrastructure can be more efficient, more resilient, and more affordable to manage and operate.
This shows that cyber security is very important in the current world. The power industry benefits from this digitization, where everything should be protected through anti-virus.
With a sharp increase in the number of users and the ease of access to the internet and other media, there has been a steep rise in the cyber threats and challenges that businesses face today. Cyber security breaches therefore pose major threats to the sustenance and well-being of a business. In the current scenario, where every operation related to a business is rendered on a digital platform, it is absolutely vital that businesses adopt cyber security practices. Hence, in order to safeguard valuable information and prevent it from being accessed by unauthorized, illegitimate users or cyber attackers, it is important to conform to cyber security practices and paradigms.
Cleveland, F. (2017). Cyber security issues for Advanced Metering Infrastructure (AMI). 10.
edx. (2017, May 7th). edx.org. Retrieved from edx.org: https://www.edx.org/micromasters/ritx-cybersecurity
Ist.mit. (2017, August 20th). Ist.mit. Retrieved from Ist.mit: https://ist.mit.edu/security/malware
learncryptography. (2017, August 20th). learncryptography. Retrieved from learncryptography: https://learncryptography.com/attack-vectors/brute-force-attack
Microsoft. (2017, August 20th). Microsoft. Retrieved from Microsoft: https://www.microsoft.com/en-us/safety/online-privacy/phishing-symptoms.aspx
owasp. (2017, August 20th). owasp. Retrieved from owasp: https://www.owasp.org/index.php/Blocking_Brute_Force_Attacks
Researchgate. (2017, August 20th). Researchgate. Retrieved from Researchgate: https://www.researchgate.net/publication/277723629_Network_Security_and_Types_of_Attacks_in_Network
symantec. (2017, August 20th). Symantec. Retrieved from symantec: https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf
US-Cert. (2017, August 20th). US-cert. Retrieved from US-Cert: https://www.us-cert.gov/ncas/tips/ST04-015
Wang, W. (2017). Cyber security in the Smart Grid: Survey and challenges. 20.