Cyber Defense & Emerging Trends
The paper focuses on cyber defense and emerging trends. It highlights the evolving nature of technology and its implications for security, particularly in a mid-sized manufacturing company releasing a smart headset. The paper delves into three main areas: the human factor in cybersecurity, data protection strategies, and system protection trends.
Gage Olson
6/12/2024, 7 min read


Technology is forever changing. While new technologies can bring excitement, ease mundane responsibilities, and increase security, there is a substantial amount of risk involved. I am a security analyst for a mid-sized manufacturing company that has released its own smart headset into the market. I will be performing an audit of the company I work for and assessing the human factor, data protection strategies, and system protections.
Human Factor Trend
The human factor in cybersecurity is defined as an action or event that could result in a potential data breach. Humans are accident-prone and eager to complete tasks quickly, which may result in errors that allow unauthorized access to systems and data. According to IBM (2021), the average cost of data breaches from human error stands at $3.33 million. A small or medium business may not be financially able to cover the costs associated with a breach.
Our employees are so important when it comes to cybersecurity. Human involvement in the processes and behind the scenes creates many risks. The best way to protect an organization is to properly train our employees and invest in their education and knowledge. I believe cybersecurity awareness training related to the product and general best practices could greatly benefit the company. These training programs could give employees a real-time simulation of what actually happens during an attack and what they can do to help defend against it. Training should be mandatory for all employees and happen at predetermined intervals.
I also believe another strategy for the human factor is access rights and privileges. These should be set up and audited regularly to ensure all users have the correct access rights and permissions. The company should follow the principle of least privilege and only allow users access to the files they need to do their job. Access logs should be monitored and reviewed regularly. A review could reveal an employee using another employee's credentials or an employee stealing files at odd times.
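The access-log review described above can be partly automated. The following is an added example, not part of the original article: it scans a constructed log for access outside business hours and for one account appearing on two workstations within a short window. The log format, host names, business hours, and 30-minute window are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp, account, source host, action, path.
SAMPLE_LOG = """\
2024-06-10T09:14:02 jdoe ws-014 READ /eng/schematics/headset_v2.dwg
2024-06-10T09:20:45 jdoe ws-231 READ /finance/invoices/2024-05.xlsx
2024-06-11T02:37:10 asmith ws-077 READ /eng/schematics/headset_v2.dwg
2024-06-11T10:05:00 asmith ws-077 READ /eng/specs/audio.pdf
2024-06-15T14:00:00 mlee ws-102 READ /eng/schematics/headset_v2.dwg
"""

WORK_START, WORK_END = 7, 19           # assumed business hours, local time
SHARE_WINDOW = timedelta(minutes=30)   # assumed window for one account on two hosts

def parse(log_text):
    """Yield (time, user, host, action, path) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue  # skip malformed lines rather than abort the review
        ts, user, host, action, path = parts
        yield datetime.fromisoformat(ts), user, host, action, path

def review(log_text):
    """Return findings as a sorted list of (kind, user, timestamp) tuples."""
    findings = set()
    seen = defaultdict(list)  # user -> [(time, host)] already processed
    for when, user, host, _action, _path in sorted(parse(log_text)):
        # Weekends and hours outside the working day count as off-hours.
        if when.weekday() >= 5 or not WORK_START <= when.hour < WORK_END:
            findings.add(("off_hours", user, when.isoformat()))
        # Same account on a different host shortly after: possible shared credentials.
        for prev_time, prev_host in seen[user]:
            if prev_host != host and when - prev_time <= SHARE_WINDOW:
                findings.add(("multi_host", user, when.isoformat()))
        seen[user].append((when, host))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Findings like these are leads for an analyst to follow up, since shift work or remote sessions can explain them.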
I believe that an awareness training program is a credible solution because in an ever-changing field such as cybersecurity, there is always something else to learn or something that you haven’t seen before that you need to learn. The bare minimum expected is to teach and train your employees to do their job effectively and in a manner that would maintain confidentiality, integrity, and availability.
The risks that revolve around not having an awareness training program implemented are quite substantial. Users may fall into the trap of a phishing attack, where the user could be tricked into giving his or her credentials to the attacker or running malicious software. Users often stated they were distracted or not paying attention when clicking on phishing emails they thought were from their supervisors. Having a proper awareness training program is very rewarding. Investing in our employees and teaching them about risks such as these will surely decrease the chances that such incidents happen and have negative results. Training removes uncertainty about what to do and how to do it. The question also arises as to how we can hold employees accountable if we did not teach them how to properly and safely do their job.
According to F5 (n.d.), phishing incidents rose 220% during the height of the global pandemic compared to the yearly average. These incidents are also forecasted to increase 15% year-on-year. Attackers are becoming increasingly smart and using targeted name brands and identities for their websites. The differences are minute, and if you are not paying attention, you could believe you are on the actual website instead of the phishing website. These phishing attempts are an effort to get a user to run malicious code or give out their credentials. Security strategies and policies will have to be updated as these new attacks are discovered. The awareness training program will have to be updated, and it would be a good idea to email new scams/attacks out to the employees as they are discovered so they can be aware.
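Because the differences between a real site and its imitation are minute, a mail gateway or proxy can compare each linked domain against the domains the company actually uses. The following is an added example, not part of the original article: it flags domains that match a trusted one after folding common visual substitutions, or that differ by at most two characters. The trusted domains, substitution list, and threshold are assumptions.

```python
# Hypothetical allow-list of domains the company really uses (constructed).
TRUSTED = {"acme-headsets.example", "login.acme-headsets.example"}

# Character sequences that are easy to misread for another (not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def normalize(domain):
    """Lower-case the domain and drop a trailing root dot."""
    return domain.lower().rstrip(".")

def skeleton(domain):
    """Fold visually confusable sequences so lookalikes compare equal."""
    d = normalize(domain)
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, max_distance=2):
    """Return (verdict, matched_trusted_domain_or_None)."""
    d = normalize(domain)
    if d in TRUSTED:
        return ("trusted", d)
    for target in sorted(TRUSTED):
        same_look = skeleton(d) == skeleton(target)
        if same_look or edit_distance(d, target) <= max_distance:
            return ("lookalike", target)  # near miss of a trusted name
    return ("unknown", None)

if __name__ == "__main__":
    for name in ("acme-headsets.example", "acrne-headsets.example",
                 "acme-headset.example", "partner-portal.example"):
        print(name, classify(name))
```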
Data Protection Strategy
Data protection is defined as the process of safeguarding data. The headset that our company is manufacturing has the ability to access highly sensitive data, such as product schematics, invoices, emails, text messages, or any documents on the server for that matter. A crucial data protection strategy that should be in place is encryption. Encryption is a form of data security that renders data unreadable to unauthorized users. There are several types of encryption, but today's most common encryption method is asymmetric encryption or public key encryption. Public key encryption uses two keys, a public key to encrypt the data, and a private key to decrypt the data. As long as the private key remains private and unknown to any unauthorized users, the data is safe. Our headsets will be in constant communication with the central office servers via a Bluetooth connection. Public key encryption is also a better option as it is stronger when transmitting data over the internet.
I believe that encryption is a credible solution because it is an additional layer of security. With encryption, even if a hacker was able to gain access to the system, the devices would be secured and the data would be unreadable. Encrypting sensitive data can also help keep a company compliant with federal and state laws and regulations.
There are many risks and rewards regarding encryption. The main risk that I could see is that, regardless of whether the data is encrypted or not, if someone gets a user's credentials and can sign into the system, they can access the data. This is why multi-factor authentication and strong password policies are so important. The rewards regarding encryption are secure data at rest and in motion. Without the user credentials, the data is safe and rendered useless to anyone who tries to read it. Encryption also aids in overall privacy, security, and regulatory compliance.
The encryption will happen at all three states: in transit, at rest, and in use. Protecting data in transit provides a really high level of data protection. Encryption occurs between the specific communicating devices, helping to prevent sniffing or man-in-the-middle attacks. Protecting data at rest while stored on the server or on the device is good practice. If the device is lost or stolen or the servers are breached, the data is protected. Protecting data in use is far more challenging. This relies heavily on encryption of data at rest and strong authorization and access controls. Multi-factor authentication and the principle of least privilege will provide a minimal level of encryption for data in use. Asymmetric encryption would almost definitely be used in this case. RSA (Rivest-Shamir-Adleman) would be a great encryption algorithm as it is one of the strongest and most secure algorithms.
System Protection Trend (Endpoint/Server Protection Technologies)
Endpoint security is the practice of securing all the endpoints and entry points of user devices, such as laptops and desktops, or in our case headsets and cellphones, from being exploited by malicious means. Data is the most valuable asset a company has and must be protected. Endpoint security includes VPNs, firewalls, email gateways, intrusion prevention systems (IPS), and many more security tools that can be used to secure endpoints. It is important to secure endpoints because every endpoint is a potential entry point that could be exploited.
An endpoint protection platform (EPP) would be a great consideration to add to the system if not currently implemented. EPPs work to examine files, processes, and activity over the system in an effort to detect malicious indicators. EPPs provide a centralized management console to monitor, protect, investigate, and respond to any incidents that may arise.
I believe that endpoint security is a credible solution because it implements a lot of tools that can be used to monitor and address issues and concerns within the system. Endpoint vulnerabilities are often where machines and humans intersect, which causes a lot of security risks. Being able to log in and monitor the system and fix and react to issues quickly would greatly benefit the company.
A few risks related to endpoint security are phishing attacks, lost or stolen devices, and outdated software/patches. If a user clicks on a phishing email link or loses their work device, it jeopardizes the security of the data and the system. Running malicious software from a phishing email could ultimately infect an entire network if proper risk management procedures are not followed. Outdated software and patches allow for vulnerabilities to be exploited by an attacker to gain access to a network or system. Properly securing endpoints and implementing an EPP would greatly benefit the company. The centralized management console would make the work of securing endpoints much easier and give visibility to issues that may arise. Encryption alongside multi-factor authentication would ensure that data is safe and the system is secure.
An emerging technology is Artificial Intelligence (AI). AI is playing a big role in new technologies in cybersecurity. AI boosts security by helping to detect attacks and prioritize responses. IBM Security MaaS360 with Watson allows you to manage and secure your mobile workforce with AI-driven endpoint management. With AI, this platform will deliver contextually relevant and actionable security insights across your network. This will give transparency into the vulnerabilities you may have with your mobile devices, allow you to fix these issues, and focus on establishing good practices and training around these insights.
References
What is Encryption? (n.d.). Fortinet. Retrieved from: https://www.fortinet.com/resources/cyberglossary/encryption
The Human Factor: The Hidden Problem of Cybersecurity. (2021, May 19). Cydef. Retrieved from: https://cydef.ca/blog/the-human-factor-the-hidden-problem-of-cybersecurity/
Aarness, A. (2021, November 15). What is Endpoint Security? How Endpoint Protection Works. CrowdStrike. Retrieved from: https://www.crowdstrike.com/cybersecurity-101/endpoint-security/
Phishing Attacks Soar 200% During Covid-19 Peak as Cybercriminal Opportunism Intensifies. (n.d.). F5. Retrieved from: https://www.f5.com/company/news/features/phishing-attacks-soar-220--during-covid-19-peak-as-cybercriminal#:~:text=COVID%2D19%20continues%20to%20significantly,compared%20to%20the%20yearly%20average.
Artificial Intelligence (AI) For Cybersecurity. (n.d.). IBM. Retrieved from: https://www.ibm.com/products/maas360
Violino, B. (2022, September 13). Artificial Intelligence is Playing a Bigger Role in Cybersecurity, but The Bad Guys May Benefit The Most. CNBC. Retrieved from: https://www.cnbc.com/2022/09/13/ai-has-bigger-role-in-cybersecurity-but-hackers-may-benefit-the-most.html#:~:text=Artificial%20intelligence%20is%20playing%20an,to%20launch%20more%20sophisticated%20attacks.