Cyber Security Issues And Recommendations For JL Company In Perth, Australia - Essay.

JL is a smallaccounting company residing in Perth, Western Australia. JLcurrently employs five people – none of whom hasany IT expertise or literacy. There are plans to expand the number of employees to at least 10.The boss’s 17-year-old niece was responsible for all computer and network related matters for the past two years. JL are progressively moving into the online market and have started communicating and sending confidential documents to its clients using a variety of online services. In recent months, employees have noticed; computers progressively operating slower, and random malware inspired popups are being displayed. The following list contains an overview of the current situation within JL:

• The SOE consists of Windows 10 laptops, all of which are currently updated with the most recent Microsoft updates.
• None of the laptops contains any security software.
• Internet access is via ADSL using a D-Link DSL-2740B wireless router.
• A QNap TS-412 NAS is used to backup workstation data (at each employee’s discretion) using WinSCP. The username/password for the NAS admin account is admin/admin.
• A Windows 2000 Server was previously operational in the organisation but a power surge resulted in the power supply no longer functioning.
• Each employees receives on average 40 spam messages each day.
• In July 2017 – two workstations succumbed to a ransomware attack and JL paid the ransom.
• There are currently no policies or rules guiding employees on how to best utilise resources and conform to ideal cyber security conscious behaviours.
• Employees can access each other’s computers and email accounts.
• Confidential data is emailed/stored without using any cryptographic techniques.
• Last week an employee found a USB flash drive in the car park and plugged it into their computer. Since then, the employee has claimed that the computer appears to have “a mind of its own”.

You have been hired to develop a range of recommendations to ensure JL can fulfil current and future client requests. The employees are comfortable, and reluctant to change their current cyber security behaviour. Many of the employees believe that the company is functioning correctly and does not need a new cyber security operational model. JL’s manager is committed to addressing the cyber security issues and improving the culture of the workplace.

The manager has requested that you compile a small, succinct report addressing five (5) critical cyber security issues. In producing your solution, you should address the following requirements:

• Why the chosen cyber security issue should be addressed immediately.
• A detailed explanation/demonstration of how you propose to address the issue.
• Why is your chosen solution better than alternative approaches (i.e. clearly compare/contrast your solution to alternatives).
• A detailed breakdown of the cost in addressing the selected issue.

JL's Current Situation

Information security is one such aspect of any organization that should be kept under monitoring and should always be considered by all managers and leader within the organization. There have been incidences in the past where different companies across the world have been seen to be victimized under attacks from hackers as well as malicious threats, which in turn resulted in tax frauds and other kinds of cybercrime. This is a threat that is getting increasingly serious for the organizations and has to be urgently addressed by the security professionals that are hired by the companies.

This report will highlight the different aspects of a company called JL, which has recently faced security related issues within the organization. The company has also paid a ransom money claimed by the hackers, based on a recent ransom ware attack within the organization. The managers are looking forward to secure the laptops and computers of the employees with some security program since the computers do not have any kind of security programs at the present.

Firstly, it is important to understand the different aspects and the issues faced by the company called JL. JL is an accounting company based in Perth, Australia, which presently consists of five people. Presently, the boss’s 17-year-old niece is handling all the computer operations since there is no other computer literate person within the organization. The company is planning to recruit more people. In the recent past, the company has experiences its computers getting slow as well as malware and ransom ware attacks for which the company had also paid huge amount of money to the hackers. None of the computers presently have any security software’s installed in them This report will take into consideration the different security updates and suggest ways to strengthen the security concerns within the organization. The employees receive around 40 spam messages every day and they can access each other’s computers as well as email accounts, which is not ethically correct for the organization. No encryption method is used to store all the confidential data within the computers. The organization is looking forward to eliminate these issues and increase the security of the information. Presently there are no fixed organizational policies that guide the employees to abide by the security policies within the organization. The employees in JL are not much computer friendly and do not seem to have much idea about cybercrimes and malicious attacks that the employee computers can be subject to.

Issues and Challenges

The five most critical issues faced by the company can be summarized below as:

• Ransom ware attacks:

Ransom ware is a malicious application or software that attacks the computer of the victim and blackmails of exposing all his personal and confidential data if an amount of money is not paid (Lee & Lee, 2015). Two workstations within JL were recently attacked by ransom ware, for which the company also had to pay a huge amount of money. This is one of the major concerns for the company as of now and the threat has to be eliminated on an urgent basis.

• Cyber espionage:

The company has recently shifted to online services, which makes use of cloud computing, in order to transmit data to its clients electronically. This again has associate risks of intrusion from the hijackers as well as virus infections over the network. Recently the organizations has noticed ever since it shifted to online services, that its computers have become excessively slow and random malware pop ups appear on the screen (Carroll, 2014).

• Vulnerability of server less applications:

This is again a major concern of the organization, since ever since it shifted to online cloud services, the applications that it had in its database were more susceptible to attacks form the hackers. None of the laptops of the employees have any kind of security software installed, thereby exposing the confidential data in the systems to more virus infections. There is also a risk of virus infections in the computers since there are no anti-virus programs installed in the computers (Lewis & Baker, 2013).

• Employee vandalism:

This is again a major concern for the company since recently an employee found an external USB drive plugged into his laptop in the car in the parking area that could also have been done by any of his fellow colleague to purpose cause harm to the data stored in his computer. It could be done for revengeful mentality of the employees towards each other or towards the organization as a whole. This can cause loss or theft of important data by the employees themselves for their personal interest etc. This issue should also be addressed urgently within the organization (Kirwan & Power, 2014).

• Encryption of confidential data:

Important data should be stored in an encrypted format in the systems so that there is no risk of data risk and privacy breach within the organization, even if the data is stolen, which is presently not being done by the organization.

• Virus infections:

Recommendations for Cyber Security

This again is a major issue of the organization since the employees have recently reported a slow operation of the laptops. A particular employee have also recently reported that ever since had noticed a pen drive connected in his laptop in his car his computer had started working on its own and seems to have a different brain altogether. Employees also tend to have a mentality that they are okay with the virus infections on their system and claim that their systems are working fine. They need to overcome this mentality and allow the managers within JL to look forward to ore secure information systems within the organization for the overall benefit of the company.

Artificial intelligence is the chosen method to remove the threats associated to the cyber-attacks and the other security issues faced by JL. Robots can help immensely in improving the present state of security. Most of the processes gets automated and much safer and faster by the implementation of artificial intelligence within the organization (Rehman & Saba, 2014). The advantages of artificial intelligence over other techniques can be explained below as:

• Robots need not be paid or given a salary on hourly basis. They work for free once deployed with an initial cost. In other techniques such as hiring more security personnel or implementing antivirus programs, it involves more cost factors for the organization (Pieprzyk, Hardjono & Seberry, 2013).
• Second important benefit is that robots can work for long hours uninterrupted without taking breaks, unlike human beings, thereby ensuring round the clock security of all data servers’ information across the systems (Vertut, 2013).
• Thirdly, the most important aspect of artificial intelligence is that it keeps a real-time track of who accessed what data at what point of tie and from which system, which is an audit trail feature of the robots (Dilek, Çak?r & Ayd?n, 2015). This in turn also limits the access to the important data thereby eliminating the possibilities of outsider intrusions, thereby reducing virus and malware infections as well. It also stores information in a cryptographic encrypted format in the systems (Brown, 2015).

The robots that will be incorporated within JL will excel at monotonous and hazardous tasks and will help in bridging the security gap between artificial intelligence and the response of human. They will be monitoring the usage of the systems as well as implementing network security measures such as virtual firewalls within the organization (McGuire & Dowling, 2013). The username as well as the password for the QNap TS-412 NAS data backup server will also be stored only by the artificial intelligence system and not be known by the employees of the organization. This will ensure optimum information security in the computers within the organization (Boden et al., 2017). The different cost factors have also been discussed in the detailed cost analysis that is also been presented along with this report. This will give the manager a clear idea regarding the cost factors that they have to take into consideration at the time of implementing artificial system security policies. If these security policies can be successfully implemented within the company, JL will be able to reach new heights in its security domain altogether.

Conclusion:

Therefore, it can be conclude by saying that JL is performing well and looking forward to expand its business and hire more employees. However, it should also take the different computer security threats into consideration that it is presently facing within the organization. The technology of artificial intelligence has been proposed to the company due to its different advantages that it has over other technologies such as lower cost factors and automated security monitoring processes unlike other techniques. Other precautions can be taken by the organization such as installing security programs such as Kaspersky internet protection I all the systems of the employees and creating their separate login ids, so that employees cannot access each other’s laptops within/outside the workplace. The company can achieve great security features, provided the above discussed mitigation techniques and artificial intelligence is properly incorporated within the workforce.

References:

Boden, M., Bryson, J., Caldwell, D., Dautenhahn, K., Edwards, L., Kember, S., ... & Sorrell, T. (2017). Principles of robotics: regulating robots in the real world. Connection Science, 29(2), 124-129.

Brown, C. S. (2015). Investigating and prosecuting cybercrime: Forensic dependencies and barriers to justice. International Journal of Cyber Criminology, 9(1), 55.

Carroll, J. M. (2014). Computer security. Butterworth-Heinemann.

Dilek, S., Çak?r, H., & Ayd?n, M. (2015). Applications of artificial intelligence techniques to combating cybercrimes: A review. arXiv preprint arXiv:1502.03552.

Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015, July). Cutting the gordian knot: A look under the hood of ransomware attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3-24). Springer, Cham.

Kirwan, G., & Power, A. (2014). What is cyberpsychology. Cyberpsychology and New Media: A Thematic Reader, 3-14.

Lee, I., & Lee, K. (2015). The Internet of Things (IoT): Applications, investments, and challenges for enterprises. Business Horizons, 58(4), 431-440.

Lewis, J., & Baker, S. (2013). The economic impact of cybercrime and cyber espionage. McAfee.

McGuire, M., & Dowling, S. (2013). Cyber crime: A review of the evidence. Summary of key findings and implications. Home Office Research report, 75.

Pieprzyk, J., Hardjono, T., & Seberry, J. (2013). Fundamentals of computer security. Springer Science & Business Media.

Rehman, A., & Saba, T. (2014). Evaluation of artificial intelligent techniques to secure information in enterprises. Artificial Intelligence Review, 42(4), 1029-1044.

Vertut, J. (Ed.). (2013). Teleoperation and robotics: applications and technology (Vol. 3). Springer Science & Business Media.