LO1

In the 20th century, a wave of technological advancement changed the global

economy. The rise of the digital revolution pushed industrialism aside while the
world became connected. Humankind shifted to higher levels of connectivity—
from offline to online, from phone to smartphone, from local to the cloud, and
from private to sharing—creating a ripple across the world that demanded
greater and better and more innovative technologies.

In the dawn of the digital revolution, hackers were born. They roam the
technology sphere like gunslingers in the wild wild west. They hack systems,
hold data for ransom, inject malware, and crash networks. Attacks usually occur
when there’s something to gain and something to exploit, and the Internet has
been providing hackers with vulnerable treasures since 1990.

For the past decade, technology experts ranked data breaches among the most
dangerous information security risks. While data breach attacks remain a threat,
the Fourth Industrial Revolution (4IR), which fuses technologies into cyber-
physical systems, introduces risks that to date, have only existed in the
imagination of science fiction authors.

Every year the Information Security Forum (ISF) — a nonprofit organization

dedicated to the research and analysis of security risks — releases a report
called Threat Horizon that outlines the most pressing security threats. The 2019
report contains security risks that illustrate the importance, if not urgency, of
updating cybersecurity measures fit for 4IR technologies.
Risk 1: Ransomware attacks on the Internet of Things (IoT) devices

The Horizon Threat report warns that over-reliance on fragile connectivity may
lead to disruption. Vulnerabilities in Internet networks, smart devices, and poor
security regulations expose companies to attacks. Analysis by Gartner estimates
that more than 26 billion IoT devices, which rely on connectivity, will be
deployed by 2020.

The IST report warns that IoT devices can be used as gateways to inject
ransomware on connected devices and systems. Ransomware attacks encrypt
the victim’s data and demand payment for the encryption key. As more
industries adopt IoT technologies, the consequences of ransomware attacks on
IoT devices could incur expensive repair expenses, loss of authority due to data
loss, and mortal fatalities due to compromised medical systems and vehicle
components.

How to prevent ransomware attacks on IoT

The nature of IoT technologies requires a cohesive security infrastructure that

integrates manufacturer security protocols with company-based cybersecurity
and proper private use standards. Incorporate anti-ransomware capabilities into
the security solution and initiate regular updates to mitigate vulnerabilities in
devices and operating system.

Risk 2: AI-powered chatbots manipulate information

While the information age has provided people with opportunities and tools for
growth through online education and interactive learning, it has also given birth
to “fake news”. Information impacts every aspect of a company, from decision
making, recruitment procedures, business and product development, marketing
and promotion, and share price.

When trust in the integrity of information is lost to distortion, companies may

face dire consequences. The ISF report predicts that advances in artificial
intelligence (AI) personas will prompt an increase in information distortion
attacks, now targeting companies’ reputations, operations, and share price. As it
becomes harder to distinguish between chatbots and people, automated
misinformation gains instant credibility.

How to maintain integrity and trust in the face of fake news

While constant digitalization has made it virtually impossible to control the

flow of information, there are ways to fight back. Steve Durbin, managing
director of the IST, recommends implementing risk management for
information strategies that monitor online media channels and then enforcing
mitigation strategies. You might also consider utilizing fake news detection
methods such as algorithms and machine.

Risk 3: Compromised blockchain systems

The blockchain technology was introduced in 2008 by an individual or a group

called Satoshi Nakamoto as a core component of the bitcoin cryptocurrency.
During 2014 blockchain surpassed its original purpose in cryptocurrency and
penetrated different markets. Nowadays applications of blockchain technology
can be seen in financial institutions, entertainment companies like Spotify, and
healthcare companies such as MedRec.

However, while the blockchain model of peer-to-peer transfer without a central

intermediary can reduce costs and raises efficiency, it does not come without
risks. Weak encryption, hashing, and key management, for example, or poorly
written programs may introduce vulnerabilities to the system. A compromised
blockchain could lead to unauthorized diversions of funds, data breaches, and
fraudulent transactions.

How to protect blockchain systems

The ISF recommends educating employees on proper blockchain security,

auditing third-party security controls, and implementing a blockchain security
infrastructure based on best practices. Additionally, you can create a blockchain
governance structure, use standard performance requirements, and analyze
blockchain activity on a regular basis.

Riske 4: Cyber warfare influencing global trade

As nations engage in cyber warfare, the ISF report warns that premeditated
internet outages may bring trade to its knees. Cyber attacks on government
organizations, private companies, and financial institutions could lead to
millions of dollars in losses. Systems failures can force a transaction shutdown
that halts global trade, while the loss of connectivity shuts down government
services like law enforcement. Ultimate disruption can result in utter chaos.

How to manage communications failure

The ISF recommends creating standard procedures for alternative

communications during a communications failure. While this approach might
help during the attack, it doesn’t offer a solution to prevent it. Often, the best
way to prevent an attack is to predict it. A Security Operations Center (SOC)
can help you analyze, monitor, and manage a multitude of security systems. A
SOC operates 24/7 to provide you with incident response, threat intelligence,
and rapid analysis.

Risk 5: Government surveillance expose corporate secrets

Governments have begun creating surveillance legislation that grant gain access
to data owned or managed by communications providers. While the intention is
to monitor terrorist activities, the data collection may include other forms of
information, including corporate secrets. As more governments follow this
trend, cybercriminals may soon try to gain access to the data.

How to protect corporate secrets

While companies can’t prevent governments from collecting their data, there
might be ways to prevent unauthorized use. The ISF recommends working with
communication providers to establish standard metadata storage regulations,
conducting regular risk assessments, and keeping track of stored metadata on a
regular basis.

Risk 6: Cryptocurrency hijacking attacks reach new levels

Cryptocurrency hijacking attacks infect computers with malware that grants the
attacker use of the victim’s hardware resources. For example, infecting a
computer with malware that uses the processors for cryptocurrency mining.
Cryptocurrency hijacking attacks impact the overall performance of the
computer by slowing it down as the attacker gains a passive income.
Cryptocurrency hijacking attacks rise in popularity along with cryptocurrencies.

How to mitigate cryptocurrency hijacking attacks

Implement a detection and prevention strategy with a focus on education and
standard best practices. Teach employees to spot cryptocurrency hijacking
methods like phishing, install anti-cryptomining extension, and use endpoint
protection with cryptojacking detection. If you detect a cryptominer, you can
respond by blocking website-delivered scripts or purge browser extensions.

LO2

IT security solutions

We provide various IT security solutions with the necessary hardware in order

to protect companies and computer systems from hackers, fight against malware
and control the employees' access in the company.

In the present world of information with various complex hazards and malware,
it is highly important to protect the company's IT systems with more efficient
security measures. Such security measures help you to protect the computer
systems against hackers, fight against malware and control the employees' and
customers' access to the internal information.

 VPN or Virtual Private Network – a solution that allows the

establishment of a safe connection to the company's internal network
through an unsafe channel. The VPN connection ensures safe data
communication for users outside the office and allows the connection of
several office networks into a joint network.
 Clever firewall solution – prevents the access of unauthorised users to the
company's private networks and blocks the spread of malware attacks from
the unsafe external network to the more protected internal network.
 Intrusion detection and prevention – allows the analysis of network traffic
and the protection of the network from advanced attacks.
ByteLife provides the IT security solution as a full service covering all the
customer's needs: mapping and analysis, design, installation and maintenance of
the solution. In creating the network, ByteLife uses only high-quality network
equipment by world-renowned manufacturers such as Cisco, Meraki and
Brocade. Each part of the solution may also be ordered separately, for instance,
in cases where there is suitable hardware, however, not enough know-how to
configure or maintain it.

Mapping and analysis

Every IT security solution requires prior planning and mapping. The aim of the
security solution is to protect the information and software that are important for
the company and their loss or fall into the wrong hands could mean financial
damage. In the course of the consultation we discuss the wishes and concerns of
the customer and analyse the possible optimum network solutions. The offered
solutions consider both the present situation and the future plans of the
company. The mapping may be undertaken on a general level or in greater
detail, in case of which we will conduct a respective audit.

Developing the IT security solution

We provide full IT security service including firewalls, intrusion detection and
prevention, an overview of the company’s internal network and the respective
operations, secure access to office software etc. In creating the network,
ByteLife uses high-quality network equipment by world-renowned specialists
such as Cisco etc. We agree on the manufacturer's guarantee and maintenance
terms and include further support services for improved functioning. In the
given stage, we also negotiate the financing options with the customer
(purchase, operational leasing, lease etc).

IT security solution installation and implementation

The given stage includes various services related to the installation of the
selected IT security solution, including the installation and configuration of the
devices. Once the selected solution is installed, we will conduct thorough tests
and eliminate any possible errors.

Operation and maintenance

Pursuant to the agreed guarantee and maintenance terms, we will provide
administrative and maintenance services for the installed solutions. Similarly,
we will conduct monitoring and troubleshooting, if necessary, to ensure the
seamless operation of the solution. The maintenance service often includes also
regular reports or meetings providing feedback on the previous period and
agreeing on the plans for the next period.