Cyber Threat Management (CMT) differs from Information Security in that CMT is reactive and driven by observational data, while Information Security is preventive and driven by risk, audit and compliance. Examples of cyber threats include suspicious network activity, viruses, rootkits, malicious code, phishing, etc. The benefits of CMT are early detection of threats and instant recognition of potential attacks. The need for cyber threat management is growing in parallel with the digital world and IoT. This paper explains what cyber threat management is and describes current trends in the industry. It also highlights some key innovations, threats and weaknesses of CMT in the current scenario. We include case studies to show the impact of not having CMT in place and how intelligent attackers have become with the rise of technology, and then present the learnings from those case studies.
As automation rises with advances in technology, threats and attacks are becoming more intelligent and advanced too, so preventing all threats and attacks is impossible. Outdated cybersecurity defenses prove ineffective, and as a result organizations find it difficult to counter attacks. Cyber threats call for intelligently planned and sophisticated measures, but not every attack can be prevented: only the attacks we are able to detect can be prevented. Organizations are therefore unsure what can be done to secure their systems and how significant improvements can be made, which leaves vast scope for research in this area.
Effective cyber threat management requires technical solutions combined with general best practices in the prevention plan. Threat protection tools must collect, analyse, share and leverage intelligence. Staff at every level need regular education on what threats, attacks and cyber security are and how they should deal with adversities. Organizations should not wait for a disaster before conducting seminars; consistency is required. The investment and commitment of cybersecurity staff to their positions is of utmost importance. Using their skills and valuable insights, they can make a great difference to protection against threats.
With the rise of artificial intelligence, criminal ingenuity has advanced and attackers have begun to arm their threats with AI, making attacks more dangerous and systems more vulnerable. Artificial intelligence is likely to see exponential growth, so human intelligence must outperform AI for cyber threat management.
Since the emergence of the industrial internet, industrial systems have been exposed to the outside world, making them more prone to cyber-attacks. Cyber-attacks today are not simple events but a series of planned and sophisticated ones, combining technical skills, research and networking to test new tactics that increase the extent and reward of an attack. Accenture recently surveyed 71% of organizations, and its report highlights the top 5 cybersecurity trends of 2018.
The Rise of Iran – attackers and groups based in Iran will continue to build their capabilities throughout the year. Iranian attackers will also continue to develop and deploy repurposed ransomware. Such ransomware may be used in future attacks by state-sponsored organizations against governments.
Massive Issue of Supply Chain Threats – third-party attacks were a key trend this year. However crucial supply chains are to enterprises, attackers target these networks to home in on vulnerabilities. According to Accenture, audits are crucial because trusted third parties will continue to be prime targets for intrusions.
Critical Infrastructure – the oil and gas industries have a lot of work to do to prepare for emerging cyber risks. As Accenture recommends, industrial staff should be trained in cybersecurity culture and regular audits should be carried out.
Money is the motive behind advanced and persistent attacks – reports show that restaurants and financial institutions were successfully targeted by groups such as the Cobalt group and Fin7. Some state-sponsored groups also attack for the sake of making money.
Cryptocurrency mining malware craze – cryptocurrency malware is fairly simple to use and gives people a quick win, so it emerged as one of the most popular kinds of malware this year. Reports show criminals moving from Bitcoin to altcoins, making Monero the most popular currency in these cases. Rather than waiting for an incident to occur and then reacting, reports suggest that a continuous response model is required.
The internet is changing with the world and vice versa. With the rise of big data, the depth and volume of corporate data have increased manifold, attracting cyber crooks and making attacks more rewarding for them.
Effect of government action on cybersecurity – artificial intelligence, IoT and blockchain are growing exponentially and play a significant role in the cybersecurity space, putting policy frameworks under stress. Another alarming trend is the continued intertwining of national security with state-sponsored cyber-attacks. In future, assets, whether data or infrastructure, should be assessed from a risk point of view, as politically motivated attackers might target them in state-sponsored attacks.
Rise of the haves and have-nots of cybersecurity – as the risk and complexity of cybersecurity increase, the resources needed for it are also increasing and becoming more complex. In future this may create a “security divide”, where some individuals, businesses and even nations will not be able to deal properly with threats. Some users may have the skills, knowledge and resources needed for cybersecurity while others may not, putting the latter at a disadvantage. At the organizational level, an organization might have the resources to fight attackers while its partners and providers, such as banking services and ISPs, may not, putting the business at a security disadvantage. Promoting security requires a collaborative approach within the ecosystem.
Impact of IoT on organizations – in future, more devices will be connected to the internet, leading to an explosion of IoT. The range, scale, targets and severity of cyber-attacks will also increase. More businesses will enter the digital world, some of which may be so naive and traditional that they lack the experience, resources and awareness to fight cybercrime.
Secure the internet but not at the expense of convenience – what use is the internet if it is not easy and convenient to use? Future security measures may discourage users, given that users today already complain about basic security implementations such as two-factor authentication. As systems become even more insecure, more complex and larger-scale security measures and practices will be needed. With more security measures, the internet might not be as easy to use as it is today, so there will be a trade-off between security and usability. Investment in cybersecurity is expected to rise in future, but the obstacles will be awareness and making cybersecurity a priority. Even today, organizations prioritize collecting data over securing it.
There have been several advancements in the field of cyber security, driven by the level of sophistication demonstrated in many attacks. A basic security policy that sticks to traditional security mechanisms is prone to attacks. Methodical updates to security policies in line with current trends are required to help secure the information systems of organizations. In this paper, we focus on a few of the technologies incorporated to provide enhanced information and cyber security.
Weak credentials can be the Achilles’ heel of computers, allowing hackers to gain unauthorized access and compromise sensitive information of an organization or a government agency. Hardware-based authentication is an emerging technology in security that combines different hardware components with enhanced factors simultaneously for user identity validation. This technology can be crucially important for the Internet of Things (IoT), where any device that wants to connect to a network of devices must have the required authorization for that particular network.
There is a great deal of interest in using deep learning technologies such as artificial intelligence (AI) and machine learning for security systems. Similar to behaviour analytics, deep learning targets anomalous behaviour patterns. When data about potential system security threats is provided as input to machine learning and AI systems, they can make optimal decisions to prevent attacks without human intervention. The system scrutinizes the entities that have access to the system instead of the users. Organizations and agencies can use such systems to recognize malicious behaviour patterns and threats.
According to the 2018 Scalar Security Survey, the following are the key cyber security weaknesses that organizations tend to ignore.
Underestimating risks and vulnerabilities in external connections – most organizations fail to recognize that their security arrangements must also cover external connections, such as relationships with suppliers, partners and third parties. There have been large data breaches in the past where hackers gained entry through credentials stolen from outside vendors. Organizations can strengthen their security arrangements by using the NIST framework to examine their organization and include these external connections, ensuring that their security protocol protects the information exchanged between the two. More than half of organizations don’t consider external connections in a comprehensive way, and 16% of medium to large organizations don’t consider third parties at all. That means there’s a great deal of room for improvement!
Insufficient security training for employees – employees have long been thought of as a point of security weakness, yet we try to consider them arguably the most important part of the security perimeter. Building a culture of data security responsibility is fundamental to a security program. Much of the time, weaknesses arise because employees aren’t properly trained or managed with regard to security protocols, even though they are the main targets of attacks. When protection is out of balance with threats, we see a concerning area of weakness. For instance, many organizations don’t give formal training on updating computer and mobile phone firmware, the importance of security patches, and recognizing attacks such as phishing. Organizations tend to be somewhat better at equipping their employees to use security technology or handle sensitive data properly; however, with employees being primary targets, formal training and general briefing on all-round security need to be prioritized.
Delay in security patches and fixes – comprehensive security assessments are essential, and they have to be followed by a swift and organized response. Many organizations have difficulty prioritizing and implementing security updates and patches. According to the NIST framework, they are divided into the following areas: PCs, smartphones, on-premise databases, apps, servers, web applications, network equipment and public cloud. Public cloud and web applications were two of the areas where timelines were a major issue. Many organizations had to wait over a year or so to apply security patches and fixes. Security vulnerabilities increase exponentially in organizations that implement their security patches at a slow pace. Working out which updates or fixes are important can be a major problem; external security companies that conduct security assessments need a clear picture of the priorities so that the organizations consulting them can stick to the patches that are absolutely required.
Dated response planning – security breach response plans require regular updates and thorough documentation, along with updates to computers and networking equipment. According to the survey, about 68% of organizations did not have a documented and methodically updated security incident response plan in place. Smaller organizations seemed to struggle the most: only about 12% of them had a documented and updated plan in place, and 34% of the organizations admitted to having a plan that is informal and undocumented. The main reason for constantly updating these plans is that new types of attacks and technologies emerge often in the field of security. Organizations must keep track of these trends and update their plans as required to further improve their security.
Phishing Attacks – phishing attacks by email are unfocused: a large number of emails are sent to a huge number of recipients with the goal of acquiring sensitive data such as passwords and bank details. These details are enough for hackers to cause a data breach. A phishing email is usually hard to spot because it appears trustworthy, and it directs the recipient to an unsecured and malicious site. A more targeted form of phishing, which appears to the recipient to come from a trusted person or source, is called spear-phishing. Spear-phishing attacks usually focus on members of higher management in an organization or owners of accounts with high privileges.
Insider Threats – many of the recent data breaches and internal cybersecurity issues were caused by employees of an organization. Insider threats can sometimes be unintentional, for example when an employee falls victim to a phishing email. But most of them involve malicious intent, driven either by dissatisfaction with management or by personal gain from deals with rival organizations. Regardless, a threat from within is very hard to detect. Organizations have to incorporate regular network monitoring to detect any malicious patterns and educate their employees on security policies.
Denial of Service (DoS) – a Denial of Service (DoS) attack is usually accomplished when a hacker floods a website or service with traffic that exceeds its threshold. The attack causes even authorized personnel to lose access to their services, resulting in downtime of the service. The most common form of DoS attack is distributed denial of service (DDoS), in which the hacker floods traffic from a large number of IP addresses, making it very difficult to differentiate between legitimate and attack traffic. According to the United States Computer Emergency Readiness Team (US-CERT), several symptoms help an organization detect a DoS attack. A few of these symptoms are slow network performance and unavailability of a service or website.
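The difference between a single-source flood and a distributed one, as an added detection example that is not part of the original essay: it buckets requests into fixed windows and shows that a per-source rate limit alone misses the distributed case. The log format, window length and both thresholds are assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict

WINDOW_S = 10        # assumed window length in seconds
SERVICE_LIMIT = 100  # assumed requests per window the service can absorb
PER_IP_LIMIT = 50    # assumed limit a simple per-source rate limiter would use

def parse(line):
    """Parse a constructed log line: '<epoch_seconds> <source_ip> <path>'."""
    ts, ip, _path = line.split()
    return int(ts), ip

def classify_windows(lines):
    """Return {window_start: summary dict} for each fixed window."""
    windows = defaultdict(Counter)
    for line in lines:
        ts, ip = parse(line)
        windows[ts - ts % WINDOW_S][ip] += 1
    result = {}
    for start, per_ip in sorted(windows.items()):
        total = sum(per_ip.values())
        top_ip, top_count = per_ip.most_common(1)[0]
        per_ip_hit = top_count > PER_IP_LIMIT
        if total <= SERVICE_LIMIT:
            verdict = "normal"
        elif per_ip_hit:
            verdict = "single-source flood"
        else:
            # Overload with no source over its own limit: every client looks
            # legitimate on its own, which is the distributed (DDoS) pattern.
            verdict = "distributed flood"
        result[start] = {"verdict": verdict, "total": total,
                         "sources": len(per_ip), "top_ip": top_ip,
                         "per_ip_limit_hit": per_ip_hit}
    return result

def build_sample():
    """Constructed traffic: a quiet window, one noisy source, many quiet sources."""
    lines = []
    for i in range(30):    # window 0: 6 sources, 5 requests each
        lines.append(f"{i % 10} 198.51.100.{i % 6 + 1} /index")
    for i in range(150):   # window 10: one source sends 150 requests
        lines.append(f"{10 + i % 10} 203.0.113.7 /login")
    for i in range(20):    # window 10: background traffic
        lines.append(f"{10 + i % 10} 198.51.100.{i % 6 + 1} /index")
    for i in range(240):   # window 20: 60 sources, 4 requests each
        lines.append(f"{20 + i % 10} 192.0.2.{i % 60 + 1} /index")
    return lines

if __name__ == "__main__":
    for start, summary in classify_windows(build_sample()).items():
        print(start, summary)
```

A "distributed flood" verdict only says that aggregate load exceeded capacity without any one source standing out; a legitimate traffic spike produces the same shape, so it needs corroborating signals before action is taken.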
Malware – software designed to harm information systems, data or computer networks is called malware. Malware can take the form of executable files or scripts, or pretend to be other, legitimate software. It is created with malicious intent to act against the computer administrator. There are several types of malware, such as viruses, Trojans and rootkits. Some recent breaches in cyber security were caused by the ransomware (a type of malware) attacks WannaCry and Petya/NotPetya. Malware can be prevented by antivirus software, firewalls and regularly updating computer firmware with security patches. Ransomware and cryptocurrency mining malware are among the types of malware trending in recent times.
Ransomware, as the name suggests, demands a ransom after encrypting, erasing or blocking access to the files of an infected system. The accepted mode of payment is usually a cryptocurrency such as Bitcoin. Victims of ransomware end up losing sensitive files and experience financial distress after paying the ransom, loss of productivity, loss of trust among clients after the attack and several more problems. Ransomware can be prevented by keeping systems up to date, using trusted and well-known antivirus software and backing up important and sensitive data. Cryptocurrency mining malware uses a system’s processing power in an unauthorized way. Mining cryptocurrency requires the raw processing power of a computer to solve complex equations. Using such malware gives the hacker access to processing power without paying for any expensive hardware. Since it uses only the processing power of the system, signs of slow performance would be evident. This type of malware has the potential to render the system unresponsive or completely unavailable. A few of the means by which cryptocurrency malware infects a system are downloading an infected application, installing a malicious browser extension or visiting a compromised website without adequate firewall protection.