
Running head: CYBER DEFENSE AND EMERGING TRENDS 1

CYB250 Final Project Milestone

Final Project Submission

Cyber Defense and Emerging Trends Paper

Abu S Alam

Southern New Hampshire University



As the organization has deployed its own headset to support communication between users, it is important to conduct a security audit to ensure the security of the new headset. Because the headset is a communication device connected to the company network, it is all the more important to conduct the audit to find and iron out the vulnerabilities in the new system.

The most vulnerable part of any system is the human factor, that is, the users who use and operate the system. The human factor is one of the most important aspects of a system. 85% of data breaches happen due to the human factor, or the human element. This is coupled with low security awareness and training. End users must have proper training on the system they are using. These training and awareness programs must be held at regular intervals, with the training program updated as required. Proper and regular training and awareness programs educate users about what is at stake in the organization and help incorporate users as stakeholders, because the programs help the users be more informed. More informed and aware users help provide better security for the organization.

Although the human factor is the most vulnerable part of any system, it is also the most necessary part. It is humans who design, operate, and maintain the system. Therefore, a trained and aware human factor is a necessity for the smooth running of the new technology.

The biggest human factor threat in security is the insider threat. An insider threat is a threat or attack that originates with, or is helped along by, one or more employees of the organization. These threats and attacks can be unintentional, if the employees of the organization are untrained in security practices and unaware of the security risks. The threats and risks can also be intentional on the employees' part. Intentional threats can come from disgruntled employees who feel they have been wronged by the organization. Insider threats can also come from outside users who gain access to the systems legitimately, for example contractors, partners, or employees.

The risks associated with human factor threats are not only risks to data; they can also cost an organization financially. In addition to loss of data and loss of reputation, an insider attack can cost an organization on average between $300,000 and $900,000. Additionally, an average of two and a half to three months is required for an organization to contain an insider attack.

To mitigate insider threats, different strategies have to be put in place and implemented. Foremost is the training and awareness of the employees. To prevent unknowing or accidental leaks, employees must be made aware of what resources are at risk, how those resources can be compromised, and how the employees' awareness can help reduce the risks. Another very important mitigation technique is proper co-ordination between the IT department, the HR department, and the IT security department (if one is present). Mutual co-ordination between these departments is important because the IT and security departments need to learn personnel details from HR, in terms of changes in staffing. With timely information on staffing changes, the IT department can enable or disable access to the systems for employees as needed. If there are employees who are on leave without pay, the HR department has to communicate that to the IT department, so that those employees' access to the system, remote or on site, can be suspended for the duration of the leave. (G. Maayan, 2021)

Technical controls such as comparing network traffic, file system access, endpoint activity, and logins should be put in place to analyze, detect, and identify suspicious behavior. The employment of user behavioral analytics, or UBA, is another effective insider threat mitigation technique. UBA works in stages: the IT/IT security team first gathers machine and user data over a period of time to establish normal behavior. The analysis can then be used to detect out-of-the-normal behavior such as unauthorized or unusual access, large data transfers, and abuse of credentials. (G. Maayan, 2021)

Because phishing scams are becoming more sophisticated and common, insider threats as a way to breach the systems of an organization are becoming one of the major concerns. High-level stakeholders of an organization are falling victim to these social engineering and complex phishing attacks. The consequences are that much bigger when employees with higher-level access fall victim to these attacks. In order to mitigate these attacks, regularly spaced training and awareness programs must be held, in addition to having a dedicated team looking for and mitigating threats, technical controls, UBA implementation, and co-ordination and co-operation between the IT, IT security, and HR departments. (G. Maayan, 2021)

To instill customer trust in an organization handling sensitive data, strategies must be put in place to show transparency, integrity, and security at every stage of the collection and processing of data. This is also an important factor for the users within the organization, who need to know that the organization has strategies to protect data. Several components make up a good data protection strategy. Data lifecycle management is a standardized process in the organization covering data creation, storage, archiving, and finally the deletion of that data. The next step in the strategy is the management of data risk. To protect the data properly, the risks and threats that might affect the data have to be identified and assessed. The data protection strategy must take the threats and risks into consideration in order to mitigate the risks. Another major component of a data protection strategy is data backup and recovery. The strategy should spell out which data should be backed up, and how the data should be recovered in case of a breach.



The next step in the strategy is to implement and maintain proper controls. Proper controls ensure that only authorized users have access to the system and the data. Data storage management covers the tasks related to where the data should be stored and how it is managed. The next step is data breach protection, where steps are implemented to prevent unauthorized access to the system and data. This step ensures that malicious attackers or insider threats are prevented from gaining unauthorized access. Another important aspect of a data protection strategy is the maintenance of the CIA triad. Data protection policies and procedures are an important step, as the policies define the steps taken to protect data, and the procedures explain how these policies are implemented. Regulatory compliance is also another important part of the data protection strategy, followed by continuous monitoring, testing, and reviewing of the policies and procedures. ("Data Protection Strategy: 10 Components of an Effective Strategy", 2021)

A data protection strategy is a very important step and a solution in case of a breach. Because the technology is a communication technology, policies and measures should be put in place to ensure that the risks and vulnerabilities of the system are reduced.

Even with a data protection strategy in place, there are considerable risks to the data. First and foremost is accidental exposure of the data, mainly due to employees sharing, losing, or mishandling sensitive data, either by accident or because the employees are unaware of security policies. This is another instance that calls for security awareness and training programs at regular intervals. Other methods to mitigate this risk are the implementation of data loss prevention technologies and superior access controls. Social engineering and other phishing attacks also pose risks to data protection strategies.

The data protection strategy is perhaps most vulnerable to insider threats. Employees, whether by mistake, because they have been compromised by attackers, or because they are vengeful, will know the ins and outs of the organization, how and where the data is stored, and how to retrieve the data. Other risks to data protection strategies include malware and ransomware, as well as data loss in cloud storage. As numerous organizations are moving from on-site storage into third-party cloud storage, the data protection strategy gets compromised.

A well implemented data protection strategy protects the data from being compromised by malicious threat actors from outside the organization. The data protection strategy will also protect valuable data that is important for the organization. The data protection strategy also eases the business processes. Perhaps the biggest reward for an organization properly implementing a data protection strategy is that it increases the trust, accountability, and credibility of the organization. Clients feel secure with the organization handling their data, knowing that the organization is compliant with regulations. Furthermore, a well-established data protection strategy provides a better understanding of the data being collected, thus making the management of the data easier. A data protection strategy should not be an accomplishment; rather, it should be a process. (J. Edwards, 2021) The data protection strategy that an organization deploys should constantly be monitored and updated, evolved, changed, expanded, and adapted according to the needs of the organization as well as the risks and threats to that data at the time.

Data encryption is a very useful tool in the data protection strategy. Several types of encryption methods can be used to encrypt sensitive data: Advanced Encryption Standard or AES, RSA, Data Encryption Standard or DES, and Twofish. In the case of the mobile headsets for on-field technicians that connect to the on-site servers via the technicians' mobile Bluetooth connectivity for communications and exchange of other data, RSA encryption would be the best recommendation. Because RSA is an asymmetric protocol, using a private key and a public key to encrypt and decrypt data packets, the communications between the office and the technicians would be more secure. Because RSA uses two keys, it is stronger than a symmetric algorithm. Due to this, the authenticity and confidentiality of the data can be ensured. Because the headset is an on-field device communicating with servers containing other data, it could be catastrophic if the headset is lost or stolen and a threat actor attempts to break into the company servers via the headset. One big disadvantage of RSA is that the computations to generate the keys are too complicated.

Cryptography consists of a number of complex mathematical computations. But as mathematics and computation advance, the current lot of cryptographic algorithms may become obsolete. Another security concern is that key management and authentication involve very complex mathematics, and this can undermine the strength of even the best cryptographic algorithms. (T. White, 2021)

There are different types of network protection technologies that can be implemented for the headset. Because this headset will be communicating on the company network and with the company server, it is imperative that the network be secure. One of the technologies that can be used to secure a network is a firewall. Firewalls control incoming and outgoing traffic on a network and help stop intruders trying to get into the network. Another important tool is to segment the network, which reduces the risk of the data on the network being breached. The use of VPNs is another technology that can help protect the network. VPNs create a separate secure tunnel for communications. As there will be email communications through the headset, it is also important to implement email security.

A network firewall is the first line of defense against an attack. However, the first risk to the firewall is insider threats. With an insider attack, the firewall becomes useless and the network defenseless, as the insider conducting the attack already knows the system. Insider attacks can be thwarted if there are internal firewalls on top of the network perimeter firewall. With the additional firewall, the IT/security team has more time to respond to the attack. Updating the firewall with security patches also helps reduce the risk of attacks. The security patches must be applied regularly, as and when the patches become available. Even with the latest patches, the network can still be vulnerable if the firewall configuration conflicts with other settings. The conflicts can result in performance loss as well as failure to provide protection. A lack of deep packet inspection is another risk that reduces the effectiveness of the firewall. Additionally, another common risk that firewalls face is DDoS attacks. (E. Dosal, 2021)

The risks of improper network segmentation include a greater attack surface, resulting in bigger losses, as an attacker who has gained access will be able to move laterally within the network. An additional risk of improper segmentation is the security team's inability to detect an attack and malicious behavior. With network segmentation properly implemented, these above-mentioned risks can be mitigated. (P. Brandau, 2017)

Unless an organization enforces strict network segmentation, VPNs create security risks in the sense that they provide a remote user with access to the whole system, which compromises "least privilege". With third-party VPN providers, there is a lack of accountability, which in turn poses a risk. Additionally, malicious threat actors use the services of VPNs to gain unauthorized access to networks. VPNs are also susceptible to VPN hijacking, man-in-the-middle attacks, malware infection, and DNS leaks. Even with these risks present, VPNs provide security when combined with strong authentication, strong encryption algorithms, anti-virus, and intrusion detection and prevention tool support. Additional security can be achieved via strong default security for administration and maintenance ports, digital certificate support, and support for logging and auditing. With a combination of VPN and strict network segmentation, most risks related to VPNs can be mitigated. (eSecurity Planet, 2021; J. Burleson-Davis, 2021)

One emerging technology in the field of security is Context-Aware Social Behavioral Analytics. Context-Aware Social Behavioral Analytics is more a practice of gathering, observing, and comparing the online/machine behavior of a user over time than a technology. Gathering and observing the behavioral information of users over a period of time helps the security team notice any significant changes in a user's or users' behavior, in terms of unauthorized or abnormal access, or uploading or downloading massive amounts of data, which historically might not have been the case. Context-Aware Social Behavioral Analytics is an important tool to have and implement, as the end users of a system are the most vulnerable part of the whole system and, at the same time, its most required asset. Context-Aware Social Behavioral Analytics can assist in mitigating most of the risks associated with the human factor. (Beheshti et al., 2019)
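The baseline-then-deviation approach described in the UBA discussion earlier and in the behavioral analytics passage above, as an added example that is not part of the original paper: a small Python script that learns each user's usual hosts, working hours, and transfer volumes from constructed access records, then flags later records that fall outside that baseline (unusual host, off-hours access, large data transfer, or an account with no history). The record layout, user names, hosts, and the three-sigma threshold are assumptions for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real data): (user, "YYYY-MM-DD HH:MM", host, bytes_out).
# BASELINE_EVENTS is the observation window used to learn each user's normal behavior.
BASELINE_EVENTS = [
    ("alice", "2021-11-01 09:05", "fileserver", 20000),
    ("alice", "2021-11-02 10:12", "fileserver", 25000),
    ("alice", "2021-11-03 11:40", "fileserver", 18000),
    ("alice", "2021-11-04 14:20", "mailserver", 22000),
    ("bob", "2021-11-01 08:30", "crmserver", 5000),
    ("bob", "2021-11-02 09:45", "crmserver", 4500),
    ("bob", "2021-11-03 13:15", "crmserver", 6000),
    ("bob", "2021-11-04 15:00", "crmserver", 5500),
]
NEW_EVENTS = [  # later records, scored against the learned baseline
    ("alice", "2021-11-08 10:00", "fileserver", 23000),  # within normal behavior
    ("alice", "2021-11-08 02:10", "fileserver", 19000),  # outside usual hours
    ("bob", "2021-11-08 11:00", "hrserver", 5000),       # host never used before
    ("bob", "2021-11-08 12:00", "crmserver", 900000),    # large data transfer
    ("carol", "2021-11-08 12:30", "crmserver", 3000),    # account with no history
]

def _hour(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M").hour

def build_baseline(events):
    """Per user: hosts used, working-hour window, and mean/spread of bytes sent."""
    seen = defaultdict(lambda: {"hosts": set(), "hours": [], "bytes": []})
    for user, ts, host, nbytes in events:
        seen[user]["hosts"].add(host)
        seen[user]["hours"].append(_hour(ts))
        seen[user]["bytes"].append(nbytes)
    return {user: {"hosts": frozenset(d["hosts"]),
                   "hour_min": min(d["hours"]), "hour_max": max(d["hours"]),
                   "mean": statistics.mean(d["bytes"]), "sd": statistics.pstdev(d["bytes"])}
            for user, d in seen.items()}

def score_event(baseline, event, sigma=3.0):
    """Return the reasons an event deviates from the user's baseline ([] means normal)."""
    user, ts, host, nbytes = event
    if user not in baseline:
        return ["no baseline for user"]  # unknown accounts need review, not silent approval
    b, reasons = baseline[user], []
    if host not in b["hosts"]:
        reasons.append("unusual host")
    if not b["hour_min"] <= _hour(ts) <= b["hour_max"]:
        reasons.append("off-hours access")
    # floor the spread at 10% of the mean so a constant baseline (sd == 0) does not flag every small change
    if nbytes > b["mean"] + sigma * max(b["sd"], 0.1 * b["mean"]):
        reasons.append("large data transfer")
    return reasons

def detect(baseline, events, sigma=3.0):
    """Score each event; return (user, timestamp, reasons) for those that deviate."""
    return [(e[0], e[1], r) for e in events if (r := score_event(baseline, e, sigma))]
```

In a real deployment the baseline window would span weeks of authentication, file-access and network logs rather than a handful of records, and the thresholds would be tuned per user group to keep false positives manageable.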

The implementation of robust security technologies on the network, and a proactive security policy, will be important for the secure use of the headset. (Check Point Software, 2021)

References

Data Protection Strategy: 10 Components of an Effective Strategy. Cloudian. (2021). Retrieved 29 November 2021, from https://cloudian.com/guides/data-protection/data-protection-strategy-10-components-of-an-effective-strategy/

Itgovernance.co.uk. (2021). Retrieved 29 November 2021, from https://www.itgovernance.co.uk/download/Cyber-Security-Audit-Sample-Report-v2.1.pdf

Security Awareness Training Statistics and Trends. Security Mentor, Inc. (2021). Retrieved 29 November 2021, from https://www.securitymentor.com/security-awareness-training-statistics-and-trends

What is Network Security? The Different Types of Protections. Check Point Software. (2021). Retrieved 29 November 2021, from https://www.checkpoint.com/cyber-hub/network-security/what-is-network-security/

Beheshti, A., Hashemi, V., & Yakhchi, S. (2019). Towards Context-Aware Social Behavioral Analytics. Proceedings of the 17th International Conference on Advances in Mobile Computing & Multimedia. Retrieved 13 December 2021, from https://dl.acm.org/doi/10.1145/3365921.3365942

Brandau, P. (2017). Retrieved 13 December 2021, from https://deltarisk.com/blog/how-insufficient-network-segmentation-increases-your-security-risk/

Burleson-Davis, J. (2021). 7 Common VPN Security Risks & Issues. SecureLink. Retrieved 13 December 2021, from https://www.securelink.com/blog/vpn-problems/

Dosal, E. (2021). 5 Firewall Threats and Vulnerabilities to Look Out For. Compuquip.com. Retrieved 13 December 2021, from https://www.compuquip.com/blog/firewall-threats-vulnerabilities

Edwards, J. (2021). 6 business benefits of data protection and GDPR compliance. SearchDataBackup. Retrieved 13 December 2021, from https://searchdatabackup.techtarget.com/tip/6-business-benefits-of-data-protection-and-GDPR-compliance

Maayan, G. (2021). How to Mitigate Insider Threats: Strategies That Work. IEEE Computer Society, Computer.org. Retrieved 13 December 2021, from https://www.computer.org/publications/tech-news/trends/how-to-mitigate-insider-threats-strategies-that-work

VPN Security Risks: Best Practices for 2021. eSecurity Planet. (2021). Retrieved 13 December 2021, from https://www.esecurityplanet.com/networks/vpn-security/#:~:text=These%20include%20VPN%20hijacking%2C%20in,while%20also%20accessing%20the%20VPN.

White, T. (2021). Giac.org. Retrieved 13 December 2021, from https://www.giac.org/paper/gsec/634/weakness-modern-cryptography/101458
