7-1 Final Project Submission - Cyber Defense and Emerging Trends Paper

School: Southern New Hampshire University
Course: 250
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 9
Uploaded by SuperKoala931

7-1 Final Project Submission: Cyber Defense and Emerging Trends Paper
Chris Lawton
Southern New Hampshire University
CYB 250: Cyber Defense
Prof. Nancy McDonnell
August 13, 2023

Bringing innovative technology to an organization can always be extremely exciting. Figuring out ways to streamline work through technology can lead to enjoyment for employees and ease of getting tasks done for the organization. With innovative technology, however, come some trends that need to be addressed. Our mid-sized manufacturing company plans to release its own smart headset, which can project important documents onto an optical screen for the technicians we have in the field and could provide an impressive experience for those field workers. The information that could come through the headset includes schematics, invoices, emails, text messages, or any documents that are in the shared drive on the server. This would mean it needs constant communication with the server in the central office. This connection would come through the technicians' cell phones via a Bluetooth connection. This could cause some drawbacks, or raise points that should be considered, which I will outline.

I. Personnel or human factor trend

The first trend I would like to outline involves the human factor. It is no secret that human error is a very real and threatening aspect and is one of the leading causes of breaches within an organization. Providing employees with the proper security training can be extremely beneficial to the protection of the organization and to preventing such breaches. Having proper security engagement and training among all departments throughout the organization can help lead to a greater understanding of threats for all personnel, not just the IT or security department. When the entire organization is aware of threats and trends, they are more capable of noticing something that is awry. It can also help employees know the proper policies and procedures to follow when something seems off, or even for something as simple as proper disposal of company assets. This can come in the form of simulations, such as periodically sending phishing attempts to ensure employees respond properly, as well as fully encrypting all organizational devices and having proper access control throughout the organization to prevent employees from accessing information they should not. Having proper training could help to ensure proper handling of data by the field technicians and help to prevent social engineering attacks that could be caused by improper training.

When it comes to providing the entire organization with proper security training, there are some risks and rewards. According to CybSafe (2023b), some statistics to look at that involve cybersecurity training are: the average cost of a data breach in 2022 was just under $4.35 million, 1 in 9 businesses provided cybersecurity training to non-cyber employees in 2020, 1 in 3 data breaches involve phishing, and 20% of organizations faced a security breach because of a remote worker. Those are just some of the risks involved in not providing any sort of training for the entire organization. One of the risks involved in providing training is that the training may not be engaging enough to keep employees who are outside of the IT or security realm engaged long enough to gain the knowledge needed to help keep the organization safe. Another risk is not using language that everyone in the organization can understand when it comes to threats or the plan of action for those threats. While these are just some risks, there are many rewards that could come from proper security training. One of the major rewards would be everyone in the organization adopting a security mindset and always staying engaged and alert to possible threats. This could help to cut down on the human factor that has plagued many organizations in the past.

As outlined above, the risks of not having proper training can affect the cybersecurity landscape of an organization greatly. Building trust with clientele or business partners is vital to
an organization for growth and income. “A survey of 2,000 respondents showed that about 86.6% of those asked were hesitant to patron a business that experienced a data breach in which credit or debit card information was compromised. That’s over 1,700 people who would lose faith in an organization as a result of what could be a simple, quick mistake.” (Benefits of Cybersecurity Training | Michael Page, n.d.). This can greatly impact whether a business can keep going. Without the trust of investors, customers, or business partners, it is very hard for a business to stay afloat.

With the ever-growing world of technology and the ways attackers can exploit a system, the trend of proper cybersecurity training has grown. Finding the proper balance between policies and engagement is crucial to keep everyone on board and holding that security mindset. Everyone in an organization has the power to help prevent attacks.

II. Data protection strategy or technology trend

In a world where data is constantly flowing and attackers are always looking for ways to exploit this data, a data protection strategy is pivotal to, as the name would imply, protecting data. Having a strategy in place can help to protect an organization because it can help you outline the data laws you have to follow, how to mitigate risk, how to gain the edge over an attacker, and how to build trust with partners, clients, and employees regarding their data. Not having a proper strategy in place could lead to a breach where sensitive data is exploited and the organization loses a lot of money. According to Cigent Technology Inc. (2022), the average breach in the US costs $9.44M. Utilizing a proper data protection strategy could help lead to peace of mind, knowing there is a plan in place if an attacker were to make it through and that there are outlines to mitigate risk. This could help our organization if an attacker were able to gain access through the Bluetooth headset to exploit all the data transmitted through it. It would also help if an attacker were to gain access from the server that is transmitting to the phone that is connected to the Bluetooth headset. Knowing what attacks might happen and how to manage them is extremely important for data protection in any organization.

Data protection strategies such as access management controls come with great rewards. Utilizing this strategy allows an organization to control what users can and cannot do and to keep them in line by only allowing access to the data that they need for their day-in, day-out tasks. Without proper control there are a lot of risks, including users accessing data that they should not and having the capability to exploit sensitive data. It could also give an attacker easier access, since the attacker would just need to gain access to the network and would then potentially have free rein over all the sensitive data they could want. Broken access control is #1 on the OWASP Top Ten, with the most occurrences in the contributed dataset. This goes to show that it is a trend that is greatly on the rise as the rewards are significantly higher than the risk.

Cryptographic techniques can be used to enforce the principle of least privilege (POLP). This is done by application-level encryption. Utilizing this method of encryption can allow for more control as well as security, because the application itself has the capability of securing the data as soon as it is created. A great example of this could come in the medical field and the storage of emergency medical information. Application-level encryption could lock this information away from servers, algorithms, and IT staff unless certain conditions hold (such as a medical emergency) (Potoczny-Jones, 2020). This can allow for a greater range of security beyond simple access control or POLP. The major drawback to this is that the work would increase when deciding which keys to use for the encryption of data.
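
An added illustration (not from the paper or its sources) of application-level encryption enforcing least privilege, and of the key-loss risk that comes with it: each data class has its own key, and a role's key ring holds only the keys that role needs. The class names, roles and sample documents are hypothetical, and the HMAC-based cipher is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

def _prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous.
    msg = label + b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Counter-mode keystream from HMAC: stand-in for a vetted AEAD (e.g. AES-GCM).
    stream = b"".join(_prf(key, b"enc", nonce, i.to_bytes(4, "big"))
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, data_class: str, plaintext: bytes) -> dict:
    """Encrypt a document at creation time under the key for its data class."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    tag = _prf(key, b"mac", data_class.encode(), nonce, ct)
    return {"class": data_class, "nonce": nonce, "ct": ct, "tag": tag}

def unseal(keyring: dict, rec: dict) -> bytes:
    """Decrypt only if the caller's key ring holds the right, intact key."""
    key = keyring.get(rec["class"])
    if key is None:
        raise PermissionError("no key for class " + rec["class"])
    expected = _prf(key, b"mac", rec["class"].encode(), rec["nonce"], rec["ct"])
    if not hmac.compare_digest(expected, rec["tag"]):
        raise ValueError("wrong or corrupted key, or tampered record")
    return _xor_stream(key, rec["nonce"], rec["ct"])

# Constructed sample data: class names, roles and documents are hypothetical.
KEYS = {c: secrets.token_bytes(32) for c in ("schematic", "invoice")}
ROLE_CLASSES = {"field_tech": {"schematic"}, "billing": {"invoice"}}
def keyring_for(role: str) -> dict:
    return {c: KEYS[c] for c in ROLE_CLASSES[role]}  # least privilege: needed keys only

def demo() -> dict:
    schematic = seal(KEYS["schematic"], "schematic", b"pump wiring diagram, rev C")
    invoice = seal(KEYS["invoice"], "invoice", b"invoice 0001, total 4200.00")
    tech, out = keyring_for("field_tech"), {}
    out["schematic"] = unseal(tech, schematic)
    try:
        unseal(tech, invoice)
    except PermissionError:
        out["invoice"] = "denied"
    try:  # the invoice key is lost and replaced by a fresh one: old data stays sealed
        unseal({"invoice": secrets.token_bytes(32)}, invoice)
    except ValueError:
        out["after_key_loss"] = "unrecoverable"
    return out
```

The field technician role never receives the invoice key, so the restriction holds even if the server storing the sealed records is read directly.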

Some security concerns that come with cryptographic techniques include lost, corrupted, or deleted keys. This would cause all the data encrypted with the key to be lost. If a key is lost and obtained by an attacker, that could cause great risk, as the attacker would then have access to all that data and the capability to exploit it.

III. System protection trend

In today's age, where everything is remote or in the cloud and employees are working either on the go or from home, it is vital that proper network protection technologies are put into place. There are many different options, including firewalls, network segmentation, access control, VPNs, IPS, IDS and many more. There are a lot of options, but I want to focus on VPNs. A VPN, or Virtual Private Network, reroutes internet traffic through a remote server, encrypting it in the process, before it reaches its destination. This could be extremely helpful for any organization that has field workers who cannot always connect to safe Wi-Fi or that wants all data in motion to be encrypted. Some VPN servers come with the option of enabling two-factor authentication to add an extra layer on top of passwords for even more protection. With the field technicians being remote and gaining access to sensitive data on the go, it would be especially important to have network technologies such as a VPN in place. This can help to keep data encrypted as it moves back and forth and gives peace of mind knowing that data is protected from attackers.

The number one reward that comes with the implementation of a VPN is that your data will be secured. This is done by encrypting data as it travels, hiding actual IP addresses, and funneling traffic from the remote server to the end user. This can help to keep data protected while working on the go. This is a huge reward for the remote work that continues to grow
since the pandemic. Another reward is the low maintenance that comes with a VPN. VPNs are relatively cost-effective and simple to maintain. This allows for less manpower to keep oversight and troubleshoot. One risk that comes with VPNs is going to sound contradictory: security. One remote employee could compromise the entire network by not following proper procedures for their remote devices. Another risk comes in the form of performance. The process of encrypting data and routing traffic can cause slower-than-usual performance, such as when trying to run an application.

As stated, with the growth of remote work, VPNs have become a mainstay in security policies for most organizations. VPNs are easy to implement on any network and can add an extra layer of security to any organization. With employees always on the go and potentially having to connect to public Wi-Fi at times, the need for an organization to implement a VPN is clear. There would need to be a policy update stating that a VPN must always be used, especially while utilizing public networks. This strategy has helped to give some peace of mind to organizations as remote work becomes a new norm.

In conclusion, having proper security training in place can help to eliminate some of the human factor elements that come with handling sensitive data. Having a proper data protection strategy in place can help to mitigate risks, save money, gain the edge over an attacker, and provide a proper plan to ensure data protection. And lastly, there are many different options to help protect the network, and a VPN is an excellent choice to add an extra layer of protection to an organization that will be utilizing Bluetooth headsets for field technicians to access sensitive data on the go.

References

A01 Broken Access Control - OWASP Top 10:2021. (n.d.). https://owasp.org/Top10/A01_2021-Broken_Access_Control/

Benefits of Cybersecurity training | Michael Page. (n.d.). Michael Page. Retrieved August 12, 2023, from https://www.michaelpage.com/advice/management-advice/development-and-retention/benefits-cybersecurity-training

Cigent Technology Inc. (2022, November 17). What is a Data Protection Strategy and Why is it Important? - Cigent Technology Inc. Retrieved July 30, 2023, from https://www.cigent.com/resources/data-protection-strategy#:~:text=A%20data%20protection%20strategy%20is,these%20risks%20can%20be%20mitigated.

Cryptographic Risks | Securing Databases with Cryptography | InformIT. (n.d.). https://www.informit.com/articles/article.aspx?p=423771&seqNum=4

CyberlinkASP. (2021). VPN pros and Cons for business. CyberlinkASP. https://www.cyberlinkasp.com/insights/vpn-pros-and-cons-for-business/

CybSafe. (2023). 7 reasons why security awareness training is important in 2023. CybSafe. https://www.cybsafe.com/blog/7-reasons-why-security-awareness-training-is-important/

Habte, F. (2022, April 25). What is Network Security? The Different Types of Protections. Check Point Software. https://www.checkpoint.com/cyber-hub/network-security/what-is-network-security/

Human error is to blame for most breaches. (n.d.). https://technews.tmcnet.com/cybersecuritytrend/topics/cyber-security/articles/421821-human-error-to-blame-most-breaches.htm

Potoczny-Jones, I. (2020). Cryptographic access control for true policy enforcement. TOZ. https://tozny.com/blog/cryptographic-access-control/#:~:text=Cryptography%20for%20Access%20Control&text=When%20enforced%20with%20cryptography%2C%20the,is%20robust%20against%20strong%20attackers.

What is VPN? How It Works, Types of VPN. (2023, June 30). www.kaspersky.com. https://www.kaspersky.com/resource-center/definitions/what-is-a-vpn