Professional Documents
Culture Documents
Assignment 2
Assignment 2
VERSION ENGLISH
SIGNATURE
TABLE OF CONTENT
Management System
6. Security Measure 4: Installing Website Security Tools 7-8
7. Conclusion 9
8. Bibliography 10
1. EXECUTIVE SUMMARY
As we are advancing into the new decade, it is totally undeniable that the whole world is now
increasingly dependent on Internet of Things (IoT). Almost all the economic activities and social
interaction have shifted to portable devices and internet including corporate meetings, business
transactions, researches, etc. It is also notable that as most of the of human activities have moved
into the cyber space, the rate of cyber-crimes has also risen up exponentially. These cyber-crimes
are more serious compared to other crimes due to the characteristics of internet and complex
network architecture. The scope of anonymity and the global nature of internet is also an
encouraging factor for them to commit cyber-crimes. There are various form of cybercrimes being
committed around the world, such as phishing, botnet, spoofing and denial of service attacks
(DdoS) that may cause great amount of data or financial to the victims. It is highly necessary for
IoT users to understand the different types of cybercrimes the prevention techniques to make sure
they build a solid defensive barrier against cybercrimes. This essay basically describes on how
users or companies could defend themselves against cyber criminals and how some of the
common methods used by hackers to penetrate into the system. Four main security measures
have been explained in depth for the reader to fully understand the objective, functionality and
I greatly feel that it is important for every IoT users and emerging companies to educate
themselves about the above-mentioned security measures to avoid being another victim to a
cybercrime. Following these measures will not only aid them in defending against malwares and
other form of attacks, but also to patch up the existing vulnerabilities in their systems or devices.
1
2. INTRODUCTION
The year 2020 has offered a lot of promises to introduce a set of mind-boggling new technologies
as mega Information Technology companies such as Apple, Google and Amazon began to
explore into the smart home technology (IoT) markets. Resulting from the huge amount of
sectors, machine learning and artificial intelligence has expanded exponentially in the workplace,
increasing the performance efficiency. Not forgetting to mention the entertainment sector,
thousands of new leisure applications and virtual reality games will be also released from time to
time. However, there is one vital question which must be pondered upon all these innovations and
inventions; With all these new technologies, will we be finally able to overcome the existing cyber
answer is a ‘NO’. In fact, every newly introduced technology comes with a new set of
vulnerabilities to we worried about. Exacerbating the situation, it is more concerning that IoT users
are trading their security for convenience neglecting the terrible consequences may happen. The
new decade has deliberately opened the door towards extraordinary possibilities for data
breaches and other cyber-attacks. It is highly necessary for every individual to learn on how to
protect their data and confidential information from hackers and other cyber threats. These attacks
and breaches will not only be focused on individual users, but corporate companies will also be
facing more cyber warfare as IoT vulnerabilities will expand the cyber-attack threats. According to
security report issued by Fultura (a well-known network specialist company), it is stated that last
year itself, there were many information technology-based companies fallen victim to a cybercrime
involving a malware named as ‘Ransomware’. One major deduction that can be made from these
unfortunate events are that the main cause of these happening is largely because of poor security
measures that were taken by those companies. Inevitably, corporations will for sure face
advanced cyber threats in any markets and in order to keep themselves protected from such
2
issues, they must build a solid security defence and implement plans and strategies to counter
First and foremost, the basic and most essential security measure to be taken is to install a
reliable internet security or anti virus software on your smartphones, laptops, tablets and other
devices. The importance of implementing an antivirus software carries more weightage for
companies as they hold multiple user data and other valuable assets. A reliable internet security
software should be able to provide real-time protection against existing, evolving and emerging
cyber threats, including the now trending ransomware and other viruses. Most of the IoT users
and companies are not going for premium or advanced antivirus softwares mainly because they
are unaware about the vulnerabilities in their devices or simply negligent towards the cyber-
attacks happening around the world. It highly recommendable to implement a premium antivirus
software (paid) rather than downloading a free antivirus software as the downloaded free antivirus
itself could be a carrier for new viruses or malwares. As there are thousands of premium antivirus
softwares out in the market, how we could evaluate the effectiveness and efficiency of a software
in protecting our devices? There are three essential features that you should look for in any
antivirus softwares before installing it to your devices which are, real-time scanning, protection for
multiple apps and could fight against all type of malwares. Despite that all existing antivirus
3
softwares are specifically developed to detect malwares and viruses, the method of detecting is
not the same for all the softwares. The not so technologically advanced softwares will depends on
the user to run a manual scan to detect if malwares are present in the system, while the advanced
softwares consist of automatic scanning features that will consecutively check your devices for the
presence of any malwares. Threats may exist literally anywhere across the entire system of apps
and services in our device. From the newly received emails to social media platforms and
certainly the web browser, malicious malwares can enter into our system through various point of
sources. Hence, installed antivirus programs should be providing protection for multiple vulnerable
applications from potential cyber threats. Spyware, bots, viruses, trojans, etc., there are various
form of malwares that can penetrate your system and harm it. Ineffective softwares are
sometimes developed only to identify a specific type of malware, mostly viruses only. It is highly
advisable to go for an antivirus software that can effectively detect all form of malwares and
eliminate them.
The following security measure to be focused is to use a strong and unique passcode for
your devices, Wi-Fi networks and for the important applications or accounts within your device.
Cybersecurity experts continually recommend the usage of strong, unique passwords as one
this has been also the least commonly followed recommendations as users find it difficult to
manage and remember unique and strong passwords for every login process. There are several
reasons behind this recommendation - the main reason would be that every day malicious cyber
criminals undermines online accounts and website and expose lists of usernames and passwords
online. This exposes not only a user’s password but also with info which are uniquely associated
with the user, such as their email address. Holding such personal info, a cyber criminal may start
4
to mine other accounts associated with the same email address or username, such as banking
accounts, work-related or social media accounts. When the cyber criminal manages to find those
accounts, he/she may try to log in with the exposed password and if the user has reused the
same password for all the associated accounts, then the criminal gains an easy access to the
accounts. This is basically why every password created should be different from one another.
Adding on, when the hacker could not easily crack or guess the passcode, they will use a
technique called brute forcing. Brute forcing is reverse cryptography technique through which they
will try every possible key until the matching password is identified. Brute force softwares can
generate thousands of passwords for every second, but for all this effort to be worthy, the hacker
needs the passcode to be easily identifiable, which is why cyber security experts recommends
users to create a strong password. The stronger a password is, the lesser the possibility of brute
characters and includes combination of uppercase and lowercase letters, symbols, and number.
As for companies they should also set unique and strong passwords for every device within their
organization to block both internal and external unauthorized access to their assets. It is highly
recommended for all companies to implement a high-quality encryption tools to protect their
devices from being illegally penetrated. For instance, Symantec Encryption Desktop, one of the
reliable encryption tools, which provides comprehensive security for desktops and laptops, making
it possible for enterprises, workgroups, and individuals to protect their sensitive information.
Utilising advanced encryption tools, enterprises will be also able to encrypt files, emails and
applications which are shared among the workgroups internally and externally. As a conclusion,
we can deduce that having a unique and strong password is essential to protect the accounts
from being exposed through cracking methods such brute forcing and it is also important to
implement a reputable password managing tool to provide a strong protection to the passwords.
5
Image 1: Two of the Most Reputable Password Management Tools
vulnerability management system to their environment to identify and minimize the risk of having
the vulnerabilities in their system. Security vulnerabilities are more like loopholes in the
environment, through which malicious malwares may penetrate the systems. For instance, if there
are any unidentified vulnerabilities exist in the communication architecture in between a trusted
client and a server, there are chances for a malicious actor to exploit the loop hole by executing
‘Man in the Middle’ attack where the attacker may substitute the client’s IP address with its own
while the server continues the communication. Such attacks are highly dangerous as the attacker
could access all the info from the server, may further obtain access towards other systems or
servers and more alarmingly, the organization won’t be even aware of these happenings. A
vulnerability management system. Based on the survey data cited on the article, companies that
“suffered a breach, almost 60% were due to an unpatched vulnerability.”, in other words, the data
breaches could be easily prevented with a solid vulnerability management plan which would have
applied critical patches to the vulnerabilities before attackers exploit the vulnerabilities.
Implementing a vulnerability management system will aid the company in identifying, evaluating
and treating on security vulnerabilities in the softwares and systems in which they run. This is
6
highly necessary for companies to prioritize possible threats and minimalize the risk of the
keep up with the newly added systems to the network or changes made to the existing systems
and the newly identified vulnerabilities over time. In a nutshell, implementing a vulnerability
management system as a prevention step is always better than spending millions for retrieving the
the cyber-crime victims has fallen for phishing scams. Phishing scam is a classic online forgery
method where the attacker will send emails that are imitative of reputable entities like credit card
companies, banks and online resources to deceit the victims into sharing their personal and
financial information. Hackers may also trick online users into downloading files or free softwares
which contains malwares or by inject malwares as they click malicious adds. The targets may be
directed to malicious web sites also posing as legitimate sites where they will be asked to enter
login credentials and other personal information the attackers can use to commit identity theft. So
7
how could online users protect themselves from being a prey for the phishing scam? The most
effective way is to install a web security tool to their devices and home/work network. There are
plenty of features in a web security tool that an online user or company could get benefited from.
Web security tools have the ability to crosscheck a website against the website security
authorities such PhishTank and McAfee to make sure the website is safe to be browsed and these
tools would also identify if an accessed website is running an outdated CMS or vulnerable plugins
and extensions which could harm the user’s endpoint. In some technologically advanced
companies, they have implemented encryption tools which will encrypt every data shared online
from a device. Only if a receiver has the valid key to decrypt the data shared, he/she will be able
8
7. CONCLUSION
Implementing and following all the above-mentioned security measures would guarantee a
solid protection barrier around devices either at home or in a company environment against all
to monitor our own activities. Users should always think twice before clicking on an online ad or
downloading a file from an unknown website and always keep in mind to research the source of
any suspicious mail or pop-up messages before interacting with them. One should never expose
his/her personal and private information on social medias or any open platform. Cybercriminals
can often accumulate victim’s personal data with just a few data points, so the less we expose in
public platform, the secure we are. Every human resource management department should bear
the responsibility to educate the employees on the secure ways to browse online and to share
files internally and externally. As we greatly benefited from the advancement of technology, it also
very crucial to always keep ourselves updated with latest security upgrades to keep our data and
devices safe. In conclusion to this essay, fighting against cybercrime is everybody’s responsibility
and every user should think of it as an obligation to do their part in the fight against cybercrime.
Let us all work towards a technologically secure future for the well-being of the humankind.
SECURITY
MEASURES
IMPLEMENTING INSTALLING WEB
VULNERABILITY SECURITY TOOL
MANAGEMENT SYSTEM
9
8. BIBILIOGRAPHY
EBOOKS
WEBSITES
Year of
Author’s
No. Publicatio Article Name Website
Name
n
10