Republic of the Philippines

BILIRAN PROVINCE STATE UNIVERSITY

Naval, Biliran

SCHOOL OF GRADUATE STUDIES

Master of Arts in Education (MAEd)

INFORMATION MANAGEMENT SYSTEM

Professor: Dr. Reynold G. Bustillo

Submitted by: Jhun Mar T. Bello, MAEd-Elem

In The Context of Cyber Safety and Security

Today's cybercriminals are not part-time amateurs or script kiddies but rather
state-sponsored adversaries and professional criminals looking to steal
information and make large amounts of money. Disruption and vandalism
are still prevalent, and espionage has replaced hacktivism as the second
main driving force behind cyberattacks -- after financial profit. With these
different motives and the increasing sophistication of attackers, many
security teams are struggling to keep their IT systems secure.

A cyberattack is an attempt by cybercriminals, hackers or other digital

adversaries to access a computer network or system, usually for the
purpose of altering, stealing, destroying or exposing information.

Now, there are common examples of Cyber Attacks:

1. Malware - or malicious software, is any program or code that is created
with the intent to do harm to a computer, network or server. Malware is
the most common type of cyberattack, mostly because this term
encompasses many subsets such as ransomware, trojans, spyware, viruses,
worms, keyloggers, bots, crypto jacking, and any other type of malware
attack that leverages software in a malicious way.

2. Denial-of-Service (DoS) Attacks - is a malicious, targeted attack that

floods a network with false requests in order to disrupt business operations.
In a DoS attack, users are unable to perform routine and necessary tasks,
such as accessing email, websites, online accounts or other resources that
are operated by a compromised computer or network. While most DoS
attacks do not result in lost data and are typically resolved without paying
a ransom, they cost the organization time, money and other resources in
order to restore critical business operations. DoS attacks originate from
just one system while DDoS attacks are launched from multiple systems.
DDoS attacks are faster and harder to block than DOS attacks because
multiple systems must be identified and neutralized to halt the attack.

3. Phishing - is a type of cyberattack that uses email, SMS, phone, social

media, and social engineering techniques to entice a victim to share
sensitive information — such as passwords or account numbers — or to
download a malicious file that will install viruses on their computer or
phone.

4. Spoofing - is a technique through which a cybercriminal disguises

themselves as a known or trusted source. In so doing, the adversary is able
to engage with the target and access their systems or devices with the
ultimate goal of stealing information, extorting money or installing
malware or other harmful software on the device.

5. Insider Threats – are internal actors such as current or former employees

that pose danger to an organization because they have direct access to
the company network, sensitive data, and intellectual property (IP), as
well as knowledge of business processes, company policies or other
information that would help carry out such an attack. Internal actors that
pose a threat to an organization tend to be malicious in nature. Some
motivators include financial gains in exchange for selling confidential
information on the dark web, and/or emotional coercion using social
engineering tactics, such as pretexting or business email compromise
(BEC) attacks. On the other hand, some insider threat actors are not
malicious in nature but instead are negligent in nature. To combat this,
organizations should implement a comprehensive cybersecurity training
program that teaches stakeholders to be aware of any potential attacks,
including those potentially performed by an insider.

According to my research, there are ten ways to mitigate cybersecurity risk.

1. Encrypt Your Data and Create Backups - Make sure all your sensitive
data is encrypted. Data encryption, on the other hand, limits data access to
parties that have the encryption key. It also ensures that even when
unauthorized parties gain access to the data, they can't read it. You should
also conduct regular backups for your important information.

2. Conduct Regular Employee Training - Let your employees know of the main
forms of cybersecurity attacks and the best ways to prevent them. You
should also emphasize the importance of checking email addresses before
replying to them and checking links before clicking on them. Finally, don't
forget to highlight the organizational policy when it comes to sharing sensitive
information, even on social media.

3. Keep Your Systems and Software Updated - make sure you use a patch
management system to automatically manage all updates and uphold
information security.
4. Use Strong Passwords – Some of the security risk mitigation strategies you
should implement when it comes to passwords include: All passwords should
contain at least 8 characters. They should contain alphanumeric characters.
They shouldn't contain any personal information. They should be unique and
never used before. They should ideally not have any correctly spelled words.
5. Assess and Monitor Your Vendors – First is Cybersecurity risk: onboard vendors
using the right strategies and monitor them throughout your relationship.
Second, Legal, regulatory, and compliance risk: ascertain that the vendor will
not impact your compliance with regulations, agreements, and local
legislation. Third, Operational risk: if the vendor is a critical aspect of your
organization, ensure that they won't disrupt your operations. And Fourth,
Strategic risk: ensure the vendor will not impact your ability to meet your
organizational objectives.
6. Reduce Your Attack Surface – Make sure you conduct an attack surface
analysis to determine your threat landscape, identify all your security gaps
and reduce the attack vectors.
7. Pay Close Attention to Physical Security - Conduct a security assessment
and determine whether your critical infrastructure is safe from security
breaches. You should also analyze your data protection policy and decide
whether or not it has data disposal strategies.
8. Put a Killswitch in Place - Having a killswitch protects you from large-scale
attacks. It is a form of reactive cybersecurity protection strategy where your
information technology department shuts down all systems as soon as they
detect anything suspicious until they resolve the issues.

9. Install Firewalls – A reliable system will effectively protect you from brute
attacks or prevent security incidents from causing irreversible damage. In
addition to this, firewalls monitor your network traffic to identify any suspicious
activity that could compromise your data integrity. They also prevent
complex spyware from gaining access to your systems and promote data
privacy.

10. Create a Secure Cybersecurity Policy – Go through your existing policies

and identify any loopholes they may have. Some of the guidelines you should
have in place include: Disaster recovery, Access control/management,
Security testing, and Incident response plan. Make sure your plan also has a
clause that highlights the consequences of data mishandling as well as the
legal steps that will be taken on employees that are the cause of a breach.
This will discourage insider attacks.

With these matters, as a teacher and as an individual in the community who

uses social media every day, I must be aware of this context of cyber safety
and security to protect my privacy and other important factors within my
personal space and information. Also, I must share my learnings with my
friends, family members, and other individuals who are new in using social
media to spread awareness and security. We must always remember the
words "Think Before We Click."