CYB250 FinalProject Abu Alam
Abu S Alam
As the organization deployed its own headset that helps communication between the
users, it is important to conduct a security audit to ensure the security of the new headset.
Because this headset is a communication device that is connected to the company network, it is
all the more important to conduct the audit to find and iron out the vulnerabilities in the new
system.
The most vulnerable part of any system is the human factor, or the users who use and
operate the system. The human factor is one of the most important aspects of a system. 85% of
data breaches happen due to the human factor, or the human element. This is coupled with low
security awareness and training. The end users must have proper training on the system that they
are using. These training and awareness programs must be held at regular intervals, with updates
in the training program as required. Proper and regular training and awareness programs educate
the users about what is at stake in the organization and help incorporate the users as stakeholders, as
the programs help the users be more informed. More informed and aware users help provide
Although the human factor is the most vulnerable part of any system, it is also the most required in
any system. It is the human who designs, operates, and maintains the system. Therefore, a trained
and aware human factor is a necessity for the smooth running of the new technology.
The biggest human factor threat in security is the insider threat. An insider threat is a threat
or attack that originates with, or is helped along by, an employee or employees of the organization. These
threats and attacks can be unintentional, if the employees of the organization are untrained in
security practices and unaware of the security risks. The threats and risks can also be intentional
on the employees’ part. The intentional threats can come from disgruntled employees, who feel
CYBER DEFENSE AND EMERGING TRENDS 3
they have been wronged by the organization. Insider threats can also come from outside users
gaining access to the systems legitimately, for example contractors, partners, or employees.
The risks associated with human factor threats are not only risks to data; they can also
cost an organization financially. In addition to loss of data and loss of reputation, an insider
attack can cost an organization on average between $300,000 and $900,000. Additionally, an
average time of two and a half to three months is required for an organization to contain the
insider attack.
To mitigate insider threats, different strategies have to be put in place and implemented.
Foremost is the training and awareness of the employees. To prevent unknowing or accidental
leaks, employees must be made aware of what resources are at risk, how those resources can be
compromised, and how the employees’ awareness can help reduce the risks. Another very
and IT security department (if one is present). The mutual co-ordination between these
departments is important, as the IT and security departments need to know personnel details
from HR in terms of changes in staffing. With timely information on staffing changes,
the IT department can enable/disable access to the systems for employees as needed. If there are
employees who are on leave without pay, the HR department has to communicate that to the IT
department, so that employees’ access to the system, remote or on site, can be suspended for the
Technical controls such as comparing network traffic, file system access, endpoint
activity, and logins should be put in place to analyze, detect, and identify suspicious behavior.
The employment of user behavioral analytics, or UBA, is another effective insider threat
mitigation technique. UBA works in stages, where the IT/IT security team gathers machine
and user data over a period of time to establish normal behavior. The analysis can then be used to
detect behavior outside the norm, such as unauthorized or unusual access, large data transfers,
Due to phishing scams becoming more sophisticated and common, insider threats to
breach the systems of an organization are becoming one of the major concerns. High-level
stakeholders of an organization are falling victim to these social engineering and complex
phishing attacks. The consequences are that much bigger when employees with higher-level
access fall victim to these attacks. In order to mitigate these attacks, regularly spaced training
and awareness programs must be held in addition to having a dedicated team looking for and
mitigating threats, technical controls, UBA implementation, and co-ordination and co-operation
To instill customer trust in an organization handling sensitive data, strategies must be put
in place to show transparency, integrity, and security in every stage of the collection and processing
of data. It is also important for the users within the organization to know that the
organization has strategies to protect data. Some of the strategies that comprise a good data
from data creation, storage, archiving, and finally delete that data. The next step in the strategy is
the management of data risk. To protect the data properly, the risks and threats that might affect
the data have to be identified and assessed. The data protection strategy must take the threats and
risks into consideration to mitigate the risks. Another major component of data protection
strategy is data backup and recovery. The strategy should spell out which data should be backed
The next step in the strategy is to implement and maintain proper controls. The proper
controls ensure that only authorized users have access to the system and the data. Data storage
management covers the tasks related to where the data should be stored and how it is managed. The next
step is data breach protection where steps are implemented to prevent unauthorized access to the
system and data. This step ensures the prevention of malicious attackers or insider threats from
unauthorized access. Another important aspect of data protection strategy is the maintenance of
the CIA triad. Data protection policies and procedures are an important step as the policies define
the steps taken to protect data, and the procedures explain how these policies are implemented.
Regulatory compliance is another important part of the data protection strategy, followed by
continuous monitoring, testing and reviewing of the policies and procedures. ("Data Protection
Data protection strategy is a very important step and a solution in case of a breach.
Because the technology is a communication technology, policies and measures should be put in
place to ensure that the risks and vulnerabilities of the system are reduced.
Even with a data protection strategy in place, there are considerable risks to the data.
First and foremost is the accidental exposure of the data, mainly due to the sharing of the data by
the employees, or the loss or mishandling of sensitive data, either by accident or because the employees are
unaware of security policies. This is another instance that calls for security awareness and
training programs at regular intervals. Other methods to mitigate this risk are the implementation
of data loss prevention technologies and superior access controls. Social engineering and other
The data protection strategy is perhaps most vulnerable to insider threats. Employees,
whether acting by mistake, compromised by attackers, or vengeful, will know
the ins and outs of the organization, how and where the data is stored, and how to retrieve the
data. Other risks to data protection strategies include malware and ransomware, as well as data
loss in cloud storage. As numerous organizations are moving into third-party cloud storage, from
A well implemented data protection strategy protects the data from being compromised
by malicious threat actors from outside the organization. The data protection strategy will also
protect valuable data that is important for the organization. The data protection strategy also
eases the business processes. Perhaps the biggest reward for an organization properly
implementing a data protection strategy is that it increases the trust, accountability, and
credibility factor of the organization. Clients feel secure with the said organization handling the
data and knowing that the organization is compliant with regulations. Furthermore, a well-
established data protection strategy provides a better understanding of the data being collected,
thus making the management of the data easier. A data protection strategy should not be an
accomplishment; rather, it should be a process (J. Edwards, 2021). The data protection strategy
that an organization deploys should constantly be monitored and updated, evolved, changed,
expanded, and adapted according to the needs of the organization as well as the risks and threats
Data encryption is a very useful tool in the data protection strategy. Several types of
encryption methods can be used to encrypt sensitive data, including Advanced Encryption Standard or
AES, RSA, Data Encryption Standard or DES, and Twofish. In the case of the mobile headsets
for on-field technicians that connect to the on-site servers via the technicians’ mobile Bluetooth
connectivity for communications and exchange of other data, RSA encryption would be the
recommended choice. As RSA is an asymmetric protocol, using a private key and a public key to encrypt
and decrypt data packets, the communications between the office and the technicians would be
more secure. Because RSA uses two keys, it is stronger than a symmetric algorithm. Due to this,
authenticity and confidentiality of the data can be ensured. Because the headset is an on-field
device communicating with the servers containing other data, it might be catastrophic if the
headset is lost or stolen, and a threat actor attempts to break into the company servers via the
headset. One big disadvantage of RSA is that the computations to generate the keys are too
complicated.
mathematics and the computations get advanced, the current lot of cryptographic algorithms may
become obsolete. Another security concern is that, as key management and authentication involve
very complex mathematics, they undermine the strength of the best algorithms of
There are different types of network protection technologies that can be implemented for
the headset. Because this headset will be communicating on the company network, on the
company server, it is imperative that the network be secure. One of the technologies that can be
used to secure a network is the firewall. Firewalls control incoming and outgoing traffic on a
network. They help to stop intruders trying to get into the network. Another important tool is
network segmentation, which reduces the risk of the data on the network being breached. VPNs
are another technology that can help protect the network. VPNs create a separate
secure tunnel for communications. As there will be email communications through the headset, it
A network firewall is the first line of defense against an attack. However, the first risk to
the firewall is insider threats. With an insider attack, the firewall becomes useless, and the
network defenseless, as the insider conducting the attack already knows the system. Insider
attacks can be thwarted if there are internal firewalls in addition to the network perimeter firewall.
With the additional firewall, the IT/security team has more time to respond to the attack.
Updating the firewall with security patches also helps reduce the risks of attacks. The security
patches must be updated regularly as and when the patches become available. Even with the
latest patches, the network can still be vulnerable if the firewall configuration conflicts with
other settings. The conflicts can result in performance loss as well as failure to provide
protection. A lack of deep packet inspection is another risk which reduces the effectiveness
of the firewall. Additionally, another common risk that firewalls face is DDoS attacks (E.
Dosal, 2021).
The risks of improper network segmentation include greater attack surface, resulting in
bigger loss, as the attacker once gaining access will be able to move laterally within the network.
An additional risk of improper segmentation is the security team’s inability to detect an
attack and malicious behavior. With network segmentation properly implemented, these above-
Unless an organization enforces strict network segmentation, VPNs create security risks
in the sense that they provide a remote user with access to the whole system, which compromises
“least privilege”. With third party VPN providers, there is a lack of accountability, which in turn
poses a risk. Additionally, malicious threat actors use the services of VPNs to gain unauthorized
access to networks. VPNs are also susceptible to VPN hijacking, man-in-the-middle attacks,
malware infection, and DNS leaks. Even with these risks present, with strong authentication,
a strong encryption algorithm, anti-virus, and intrusion detection and prevention tool support, VPNs
provide security. Additional security can be achieved via strong default security for
administration and maintenance ports, digital certificate support, support for logging and
auditing. With a combination of VPN and strict network segmentation, most risks related to
and comparing the online/machine behavior of a user over time than a technology. The
gathering and observation of the behavioral information of the users over a period of time helps
the security team notice any significant changes the user or users may have had, in terms of
which historically might not have been the case. The Context-Aware Social Behavioral Analytics
is an important tool to have and implement, as the end-users of a system are the most vulnerable
part of the whole system and, at the same time, the most required asset of the system. Context-Aware
Social Behavioral Analytics can assist better in mitigating most of the risks associated with the
security policy will be important for the secure use of the headset. (Check Point Software, 2021)
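The staged approach described in the UBA paragraph and in the behavioral analytics paragraph above (first establish normal behavior, then detect departures such as unusual access or large data transfers) can be sketched as follows. This is an added example, not part of the original paper; the user names, resource names, byte counts and the thresholds `k` and `slack` are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records: (user, hour_of_day, resource, bytes_out).
BASELINE = [
    ("tech01", 9, "dispatch-srv", 120_000), ("tech01", 10, "dispatch-srv", 150_000),
    ("tech01", 14, "dispatch-srv", 110_000), ("tech01", 16, "mail-gw", 90_000),
    ("tech02", 8, "dispatch-srv", 200_000), ("tech02", 13, "mail-gw", 220_000),
    ("tech02", 15, "dispatch-srv", 180_000), ("tech02", 9, "dispatch-srv", 210_000),
]
NEW_EVENTS = [
    ("tech01", 10, "dispatch-srv", 140_000),    # matches the baseline
    ("tech01", 2, "hr-db", 125_000),            # odd hour and a new resource
    ("tech02", 14, "dispatch-srv", 9_500_000),  # large data transfer
    ("tech03", 10, "dispatch-srv", 100_000),    # user with no history yet
]

def build_baseline(events):
    """Stage 1: learn each user's usual hours, resources and transfer size."""
    raw = defaultdict(lambda: {"hours": [], "resources": set(), "bytes": []})
    for user, hour, resource, nbytes in events:
        raw[user]["hours"].append(hour)
        raw[user]["resources"].add(resource)
        raw[user]["bytes"].append(nbytes)
    profiles = {}
    for user, r in raw.items():
        med = median(r["bytes"])
        # Median absolute deviation: a spread measure one outlier cannot inflate.
        mad = median(abs(b - med) for b in r["bytes"]) or 1
        profiles[user] = {"hours": (min(r["hours"]), max(r["hours"])),
                          "resources": r["resources"], "median": med, "mad": mad}
    return profiles

def score_event(profiles, event, k=6, slack=1):
    """Stage 2: list the ways one event departs from its user's baseline."""
    user, hour, resource, nbytes = event
    if (p := profiles.get(user)) is None:
        return ["no_baseline"]  # cannot judge; route to manual review
    reasons = []
    if not p["hours"][0] - slack <= hour <= p["hours"][1] + slack:
        reasons.append("unusual_hour")
    if resource not in p["resources"]:
        reasons.append("new_resource")
    if nbytes > p["median"] + k * p["mad"]:  # k is an assumed tuning threshold
        reasons.append("large_transfer")
    return reasons

def detect(profiles, events):
    return {i: r for i, e in enumerate(events) if (r := score_event(profiles, e))}
```

Calling `detect(build_baseline(BASELINE), NEW_EVENTS)` returns the flagged event indexes with their reasons, which the security team can triage alongside HR context.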
References
strategy-10-components-of-an-effective-strategy/.
https://www.itgovernance.co.uk/download/Cyber-Security-Audit-Sample-Report-v2.1.pdf.
Security Awareness Training Statistics and Trends. Security Mentor, Inc. (2021). Retrieved 29
statistics-and-trends.
What is Network Security? The Different Types of Protections - Check Point Software. Check
https://www.checkpoint.com/cyber-hub/network-security/what-is-network-security/.
Beheshti, A., Hashemi, V., & Yakhchi, S. (2019). Towards Context-Aware Social Behavioral
Analytics | Proceedings of the 17th International Conference on Advances in Mobile
Computing & Multimedia. Dl.acm.org. Retrieved 13 December 2021, from
https://dl.acm.org/doi/10.1145/3365921.3365942.
Brandau, P. (2017). Retrieved 13 December 2021, from
https://deltarisk.com/blog/how-insufficient-network-segmentation-increases-your-security-risk/.
Burleson-Davis, J. (2021). 7 Common VPN Security Risks & Issues | SecureLink. SecureLink.
Retrieved 13 December 2021, from https://www.securelink.com/blog/vpn-problems/.
Dosal, E. (2021). 5 Firewall Threats and Vulnerabilities to Look Out For. Compuquip.com.
Retrieved 13 December 2021, from
https://www.compuquip.com/blog/firewall-threats-vulnerabilities.
Edwards, J. (2021). 6 business benefits of data protection and GDPR compliance.
SearchDataBackup. Retrieved 13 December 2021, from
https://searchdatabackup.techtarget.com/tip/6-business-benefits-of-data-protection-and-GDPR-compliance.
Maayan, G. (2021). How to Mitigate Insider Threats: Strategies That Work | IEEE Computer
Society. Computer.org. Retrieved 13 December 2021, from
https://www.computer.org/publications/tech-news/trends/how-to-mitigate-insider-threats-strategies-that-work.
VPN Security Risks: Best Practices for 2021 | eSecurity Planet. eSecurityPlanet. (2021).
Retrieved 13 December 2021, from
https://www.esecurityplanet.com/networks/vpn-security/#:~:text=These%20include%20VPN%20hijacking%2C%20in,while%20also%20accessing%20the%20VPN.
White, T. (2021). Giac.org. Retrieved 13 December 2021, from
https://www.giac.org/paper/gsec/634/weakness-modern-cryptography/101458.