IT Security Breaches
School
Grand Canyon University
Course
320
Subject
Information Systems
Date
Dec 6, 2023
Pages
4
Uploaded by BailiffKnowledge19216
IT Security Breaches
Adrian Andrade
Grand Canyon University
ITT-415
Chuck Brust
Due November 19, 2023
Social engineering is the act of using psychological tricks or manipulation to coax people into
making security mistakes or giving away sensitive information. Two of the biggest cyberattacks
to date (2023) were executed through social engineering. The reason these attacks are so
successful compared to actual cyberattacks (like using malware and other technical methods) is
that they play on the minds of others, using people's emotions and psychology. And the
reasoning makes a ton of sense. It is much easier to exploit a single person than it is to break
into and exploit an entire security system, decked out with strong defenses and security
measures. Moreover, users often have privileges (in essence, keys into the system) that can
access the system. So, as an attacker, you don't really need to break into a system head-on;
you could convince someone to give you the keys.
In this case, it is likely that the attackers used psychological techniques to confuse Target
employees into either making a security mistake that gave the attackers confidential
information, or coaxed them into literally giving away credentials. For this, it is possible
they posed as a real employee and asked for help in getting their credentials back, possibly
through the scenario of a forgotten password or a medical condition.
One way that all companies try to prevent social engineering attacks is continuous software
patches. Many social engineering attacks involve changing system configurations or other things.
Software patches directly combat this. However, this probably failed for Target because the
attackers planned for it. Software patches work on a schedule, and any employee (especially IT
staff) is aware of the schedule. So any person with employee information and credentials (or
who was coaxed into giving them away) knows this schedule. The attackers possibly used that
information to know exactly when to launch their attack after sufficient planning, before the
software was reset and updated.
With this in mind, the most important operational element they missed was proper planning.
Target should have planned for this type of scenario and created contingencies for it. They
could have planned for social engineering and trained their employees to always anticipate
someone asking for employee information, to never give it over the phone or by email, and to
require that it be requested in person. This way, the identity of the recipient is confirmed
through cameras inside a Target building and by the Target employee handling the transaction.
This would have been a far better way to handle the social engineering attack.
More training by Target for its employees would be appreciated as well. Target must always
keep up with IT trends and attacks, although they should be aware that it is impossible to guard
against every attack. Zero-days exist, which are brand-new and completely unguardable
cyberattacks that no security system can anticipate. They should also know that this isn't the
goal; the goal is to make it as hard as it possibly can be for the attackers to act. In other
words, the goal isn't to make it impossible for attackers to attack, but to make it as difficult
as possible and to repel attacks from the small to the most common.