
JL is a small accounting company residing in Perth, Western Australia. JL currently employs five people – none of whom has any IT expertise or literacy. There are plans to expand the number of employees to at least 10. The boss’s 17-year-old niece was responsible for all computer and network related matters for the past two years. JL are progressively moving into the online market and have started communicating and sending confidential documents to its clients using a variety of online services. In recent months, employees have noticed computers progressively operating slower and random malware-inspired popups being displayed. The following list contains an overview of the current situation within JL:

  • The SOE consists of Windows 10 laptops, all of which are currently updated with the most recent Microsoft updates.
  • None of the laptops contains any security software.
  • Internet access is via ADSL using a D-Link DSL-2740B wireless router.
  • A QNap TS-412 NAS is used to backup workstation data (at each employee’s discretion) using WinSCP. The username/password for the NAS admin account is admin/admin.
  • A Windows 2000 Server was previously operational in the organisation but a power surge resulted in the power supply no longer functioning.
  • Each employee receives on average 40 spam messages each day.
  • In July 2017 – two workstations succumbed to a ransomware attack and JL paid the ransom.
  • There are currently no policies or rules guiding employees on how to best utilise resources and conform to ideal cyber security conscious behaviours.
  • Employees can access each other’s computers and email accounts.
  • Confidential data is emailed/stored without using any cryptographic techniques.
  • Last week an employee found a USB flash drive in the car park and plugged it into their computer. Since then, the employee has claimed that the computer appears to have “a mind of its own”.

You have been hired to develop a range of recommendations to ensure JL can fulfil current and future client requests. The employees are comfortable, and reluctant to change their current cyber security behaviour. Many of the employees believe that the company is functioning correctly and does not need a new cyber security operational model. JL’s manager is committed to addressing the cyber security issues and improving the culture of the workplace.

The manager has requested that you compile a small, succinct report addressing five (5) critical cyber security issues. In producing your solution, you should address the following requirements:

  • Why the chosen cyber security issue should be addressed immediately.
  • A detailed explanation/demonstration of how you propose to address the issue.
  • Why is your chosen solution better than alternative approaches (i.e. clearly compare/contrast your solution to alternatives).
  • A detailed breakdown of the cost in addressing the selected issue.

Critical Issues Faced by JL Company

The JL accounting company is experiencing cybersecurity issues. Cybersecurity is the practice of protecting systems, networks, and programs against digital attacks aimed at accessing, manipulating or ruining them, interfering with normal operations, or extorting money from users (Yeh et al., 2018).

Effective protection against cyber threats requires approaches that span internet and computer users, computers, information and data, programs, and networks. These approaches should complement each other (Conti et al., 2018).

This report points out and addresses the five major cybersecurity issues encountered by the JL company. Along with pointing out the issues, it gives detailed approaches and recommendations on how the issues can be dealt with in order to fulfill the needs of clients and improve the quality of service delivery both now and in the future. An account of the cost and effectiveness of the proposed approaches is also provided.

Effective solutions to the cybersecurity issues encountered by the JL company were devised based on the existing challenges. Proper means of enhancing the security of the computer systems and network servers were considered.

The ability of the systems and their operators to offer effective services, both at present and in the future, with the aim of achieving maximum profit while satisfying clients, was critically analyzed. This was meant to determine the efficiency of adopting new cybersecurity measures as compared to the existing ones.

The cybersecurity issues addressed range across the computer systems, communication channels, and the state of network security. The possible solutions and recommendations for the respective issues are addressed as well. The main issues addressed, among others, include password attacks, ransomware attacks, phishing attacks, man-in-the-middle attacks, and denial-of-service attacks.

This section gives a detailed description of the cybersecurity issues that are being experienced by the JL company and its respective clients.

These main cybersecurity challenges fall into five major categories: password attacks, ransomware attacks, phishing attacks, man-in-the-middle attacks, and denial-of-service attacks.

Ransomware Attacks

Ransomware is malicious software that gets installed illegitimately on the user's computer system. Once installed on a system or network, it denies the owner of the system (the victim) access to the computer or network (Lévesque et al., 2018). This is done by encrypting data with a code unknown to the user. The attacker threatens the victim with revealing the information to the public, destroying it, or deleting it unless a sum of money (a ransom) is paid to the attacker to restore access (Honda, 2018). The attack can take the form of blocking the whole computer system or encrypting files. Examples of ransomware include Bad Rabbit, which directs users to a ransom-demanding page once it infects the computer, and CryptoLocker, which both locks the system and encrypts the user's files (Takeuchi et al., 2018) (Figs. 1 and 2).

Figure 1. How ransomware works.

Figure 2. How CryptoLocker works.

This should be addressed to prevent further losses.

Among the ways that can be employed against ransomware attacks are (Huang et al., 2018):

  • Use of protection tools. Various tools can provide protection against this attack by detecting infected sites, such as web pages and applications, and blocking them from infecting the system. Such tools include InterScan™ Web Security and Trend Micro Deep Security™.
  • Use of the Trend Micro Crypto-Ransomware File Decryptor Tool to decrypt some encrypted files.
  • Backing up sensitive and personal information on separate devices or in the cloud.
  • Use of reputable antivirus software and strong firewalls.

Password Attacks

Passwords and codes are among the ways used to protect a computer system, network or information from unauthorized access (Fatima, 2018). A password consists of a combination of characters, either numbers or letters, known to the related user(s), that gives them access to a certain system or information. The strength of a password depends on its length and its combination of characters: with a length of at least 8 characters, the more complicated the combination, the stronger the password (Nelson, 2018). For instance, JL company used a weak password to protect its clients' information on the QNap TS-412 NAS. The password had a combination of 9 characters, "admin/admin", without any numbers. Such a password is prone to successful attack. Password attack on the clients is evident in that the employees are able to gain access to computers and email accounts without restriction.

An individual's password can be attacked using various techniques. Common methods include the brute force attack, the dictionary attack, and the keylogger attack. In a brute force attack, an attacker uses a computer program and various scripts to find a possible password by trial and error. In a dictionary attack, an attacker cycles through combinations of common words from a common source to obtain a password. In a keylogger attack, an attacker uses key-logging malware which records the user's keystrokes while the password is being entered (Nelson, 2018). This situation should be addressed to promote proper service delivery to clients and improve privacy and confidentiality.

Among the effective solutions are the following (Wang, 2018):

  • Use of multi-factor authentication. This involves a combination of several security measures on the same system, such as a combination of PIN, password, and fingerprint.
  • The clients and employees must be educated on the need to keep their passwords confidential. It is evident that the five employees at JL company are IT illiterate.
  • Formulation of and adherence to security guidelines at the workplace. This includes limiting access of unauthenticated personnel to the SOE.
  • Implementation of a lockout policy. This automatically locks an account when invalid passwords are keyed in several times by an intruder.
  • The company has to employ cryptographic methods in order to protect the clients' information while sending it to them. This will ensure the security of the information (Wei et al., 2018).
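The lockout policy recommended above can be made concrete with a short model. The following Python sketch is an added example, not part of the original report; the threshold, counting window, lock duration, user names and log lines are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy values for illustration; tune them to the organisation.
THRESHOLD = 5                          # failed attempts tolerated inside WINDOW
WINDOW = timedelta(minutes=15)         # period over which failures are counted
LOCK_DURATION = timedelta(minutes=30)  # how long a locked account stays locked


@dataclass
class Account:
    failures: list = field(default_factory=list)  # timestamps of recent failures
    locked_until: Optional[datetime] = None


class LockoutPolicy:
    def __init__(self):
        self.accounts = {}

    def attempt(self, when, user, password_ok):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        acct = self.accounts.setdefault(user, Account())
        if acct.locked_until and when < acct.locked_until:
            return "locked"            # refused even if the password is correct
        acct.locked_until = None       # any earlier lock has expired
        if password_ok:
            acct.failures.clear()      # a good login resets the counter
            return "ok"
        # Keep only failures that are still inside the counting window.
        acct.failures = [t for t in acct.failures if when - t < WINDOW]
        acct.failures.append(when)
        if len(acct.failures) >= THRESHOLD:
            acct.locked_until = when + LOCK_DURATION
            acct.failures.clear()
            return "locked"
        return "denied"


# Constructed sample events: "<ISO timestamp> <user> <OK|FAIL>".
SAMPLE_LOG = """\
2018-08-01T07:00:00 bob FAIL
2018-08-01T07:20:00 bob FAIL
2018-08-01T07:40:00 bob FAIL
2018-08-01T08:00:00 bob FAIL
2018-08-01T08:20:00 bob FAIL
2018-08-01T09:00:00 admin FAIL
2018-08-01T09:00:05 admin FAIL
2018-08-01T09:00:10 admin FAIL
2018-08-01T09:00:15 admin FAIL
2018-08-01T09:00:20 admin FAIL
2018-08-01T09:00:25 admin OK
2018-08-01T09:01:00 jane FAIL
2018-08-01T09:01:30 jane OK
2018-08-01T09:31:00 admin OK
"""


def replay(log):
    """Feed log lines through the policy; return (user, verdict) pairs."""
    policy = LockoutPolicy()
    results = []
    for line in log.strip().splitlines():
        stamp, user, outcome = line.split()
        when = datetime.fromisoformat(stamp)
        results.append((user, policy.attempt(when, user, outcome == "OK")))
    return results
```

The `bob` rows show the limit of lockout on its own: failures spaced wider than the counting window never trip it, which is one reason the list above pairs lockout with multi-factor authentication.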

Denial-of-Service Attacks

A denial-of-service attack is a situation where the resources of a computer system or server are overloaded with requests, so that the system fails to respond to the requests of a legitimate user within the expected time (Benson et al., 2018). For instance, JL's clients are complaining that their computers are operating slowly. The types of denial-of-service attack differ depending on the motive of the attacker, and they include:

TCP SYN flood attack: Under normal conditions, once the server receives a request from the client, it processes it and sends a response, which the client acknowledges in order to open the TCP connection (Chambers et al., 2018). In a SYN flood, an attacker sends a large number of connection requests to the victim's system. When the victim responds to these requests, the attacker does not reply, so the victim's system runs to time-out while processing the connections and awaiting the attacker's response. Sustained, this causes the victim's system to become too slow or to crash.

Figure 3 below illustrates the SYN flood attack.

Figure 3. Normal connection and SYN flooding.

Distributed Denial of Service (DDoS) attack: This is where the attacker generates traffic from various anonymous sources and directs it at the victim's computer or web server. This traffic exhausts the bandwidth and storage resources of the target, leading to the system's failure. This is illustrated in the chart below. This should be addressed immediately, before great damage is done to the system.

Figure 4. Structure of DDoS attack.

The following measures can be taken for protection against the attacks:

  • Installation of firewalls and antivirus on the network, restricting bandwidth use to intended users only.
  • Configuring server and network firewall policies to prevent intruders from addressing a server and its resources (Qin et al., 2018).
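A SYN flood shows up on the victim as a pile of half-open connections awaiting the final acknowledgement. The following Python sketch is an added example, not part of the original report: it counts half-open connections per listening endpoint in text laid out like Windows `netstat -an` output. The addresses, the alert threshold of 20 and the generated sample rows are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

HALF_OPEN = "SYN_RECEIVED"   # state of a connection still waiting for the final ACK
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s*$", re.IGNORECASE)


def half_open_report(netstat_text, threshold=20):
    """Summarise half-open vs established connections per local endpoint."""
    stats = defaultdict(lambda: {"half_open": 0, "established": 0, "sources": set()})
    for line in netstat_text.splitlines():
        match = ROW.match(line)
        if not match:
            continue                      # header lines, UDP rows, blanks
        local, remote, state = match.groups()
        entry = stats[local]
        if state.upper() == HALF_OPEN:
            entry["half_open"] += 1
            entry["sources"].add(remote.rsplit(":", 1)[0])   # strip the port
        elif state.upper() == "ESTABLISHED":
            entry["established"] += 1
    return {
        local: {
            "half_open": e["half_open"],
            "established": e["established"],
            "distinct_sources": len(e["sources"]),
            # Many pending handshakes on one endpoint is the flood signature.
            "alert": e["half_open"] >= threshold,
        }
        for local, e in stats.items()
    }


def constructed_sample():
    """Build made-up netstat-style rows: a flooded port 443 and a quiet port 22."""
    rows = ["  Proto  Local Address      Foreign Address      State",
            "  TCP    0.0.0.0:443        0.0.0.0:0            LISTENING"]
    rows += [f"  TCP    192.0.2.10:443    198.51.100.{i}:{50000 + i}    ESTABLISHED"
             for i in (7, 8, 9)]
    rows += [f"  TCP    192.0.2.10:443    203.0.113.{i}:{40000 + i}    SYN_RECEIVED"
             for i in range(1, 41)]
    rows += [f"  TCP    192.0.2.10:22     198.51.100.50:{60000 + i}    SYN_RECEIVED"
             for i in range(2)]
    return "\n".join(rows)


if __name__ == "__main__":
    for endpoint, summary in half_open_report(constructed_sample()).items():
        print(endpoint, summary)
```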

Man-in-the-Middle Attacks

In a man-in-the-middle (MitM) attack, an attacker comes in between the communications of a server and a client. An example of MitM is session hijacking (Vanhoef et al., 2018).

Session hijacking: an attacker disguises himself as a trusted client by intercepting communications between a client and a server and replacing his IP address with that of the client while the session with the server is still going on. The server will still recognize him as its usual client (Vanhoef et al., 2018) (Fig. 5).

Figure 5. Session hijacking MitM attack process.

This attack is evident in the JL company: neither clients nor service providers are raising complaints, and clients feel that the company is providing services correctly, yet they are receiving spam messages. This means that an attacker is monitoring the communications without their awareness. This should be addressed early enough to prevent any misuse of clients’ information by attackers.

The following measures can be taken against the attack:

  • Installation of an intrusion detection system for monitoring the network. This will give an alert when an attacker hijacks communication between the server and the client.
  • Use of encrypted virtual private networks, which reinforce the security layers for network access and thus make it difficult for an attacker to intercept communications.
  • Prevention of ARP spoofing by installing a dynamic host configuration protocol on the network server switches (Jakobsson, 2018).
  • The staff's activities must be properly monitored and audited to ensure that there are no internal man-in-the-middle attacks (Wolf & Goff, 2018).

Phishing Attacks

Phishing is a social engineering attack in which an attacker sends the user emails that appear to come from trusted and known sources. When the user opens the mail, malware loads onto the computer. The mail may contain a link directing the user to a website containing malware that tricks the user into giving personal information such as bank account details and passwords (Martin, 2018). This is evident, as some clients are experiencing random popups with malware features.

The sending of unencrypted confidential information to clients by JL possibly provided an opportunity for attackers to intercept it, generate similar information, and forward it to the clients as malware. This should be addressed to avoid any further attacks.

The following measures can be taken against the attack:

  • Educating the employees to be careful in analyzing the sources of emails before opening them.
  • Analysis of email headers to establish the path by which the mail reached your address.
  • Sandboxing the emails, that is, opening the link within the mail inside a sandbox to check its content and to establish whether it is a genuine link or corrupt (Thomas, 2018).
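The header analysis recommended above can be done with Python's standard `email` module. The following is an added example, not part of the original report: it reconstructs the relay path from the `Received` headers and flags sender-identity mismatches and failed authentication results. The message, host names, addresses and finding labels are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host, address and IP below is made up.
RAW = """\
Return-Path: <bounce@bulk-sender.invalid>
Received: from mx.jl-accounting.example (mx.jl-accounting.example [192.0.2.10])
    by mail.jl-accounting.example with ESMTP; Mon, 6 Aug 2018 09:14:07 +0800
Received: from relay.bulk-sender.invalid (unknown [203.0.113.45])
    by mx.jl-accounting.example with SMTP; Mon, 6 Aug 2018 09:14:05 +0800
Authentication-Results: mx.jl-accounting.example;
    spf=fail smtp.mailfrom=bulk-sender.invalid; dkim=none;
    dmarc=fail header.from=client-bank.example
From: "Client Bank Support" <support@client-bank.example>
Reply-To: <helpdesk@bulk-sender.invalid>
To: staff@jl-accounting.example
Subject: Urgent: verify your account

Please confirm your details.
"""


def domain(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def trace_path(msg):
    """Return (sending_host, receiving_host) hops, oldest first."""
    hops = []
    # Each relay prepends its own Received header, so the list is newest first.
    # Lines written before the mail reached your own server come from the
    # sender's side and can be forged; trust only those your hosts added.
    for value in reversed(msg.get_all("Received", [])):
        sender = re.search(r"\bfrom\s+(\S+)", value)
        receiver = re.search(r"\bby\s+(\S+)", value)
        hops.append((sender.group(1) if sender else "?",
                     receiver.group(1) if receiver else "?"))
    return hops


def findings(msg):
    """List the header signals that suggest the visible sender is not genuine."""
    out = []
    from_dom = domain(msg["From"])
    if domain(msg["Return-Path"]) not in ("", from_dom):
        out.append("return-path-mismatch")   # bounces go to a different domain
    if domain(msg["Reply-To"]) not in ("", from_dom):
        out.append("reply-to-mismatch")      # replies go to a different domain
    auth = msg.get("Authentication-Results", "")
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result in ("fail", "softfail"):
            out.append(f"{mech}={result}")
    return out


MESSAGE = message_from_string(RAW)

if __name__ == "__main__":
    for hop in trace_path(MESSAGE):
        print("hop:", hop)
    print("findings:", findings(MESSAGE))
```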

Table showing comparison and contrast between chosen and alternative methods.

| Recommended measures | Current conditions | Importance |
| --- | --- | --- |
| Installation of antivirus software on computers. | There is no laptop with antivirus. | Installation of antivirus will prevent malware infection. |
| Installation of security software. | None of the laptops contains any security software. | This will ensure information security for the clients and service providers. |
| Employing IT experts with sufficient skills in cybersecurity. | None of the employees has IT expertise. | Experts will detect cybersecurity issues and provide solutions early enough, before losses occur. |
| Formulation and implementation of policies and guidelines regarding the use of resources for both employees and clients. | No policies or rules guide employees and clients on proper procedures for online service access. | This will promote information security for the clients, the employees, and the company. |

The financial breakdown table for recommended measures in comparison to current measures in JL

| Current state | Expense | Recommended measures | Expense |
| --- | --- | --- | --- |
| Employment of inexperienced people in IT. | Expensive, since the services offered do not meet the requirements; losses are also made. | Employing IT experts. | Cheap, since there shall be no losses. Any problem will be detected and rectified early enough. |
| No security software against cyber-attacks. | Expensive. In the case of ransomware attacks where a lot of money is demanded, clients’ information obtained illegitimately and used against the client or company. | Installation of security software against cyber-attacks on the system or network. | Cheap, as it will cut off any expense that could have been encountered during successful attacks. Once the software is purchased, it can be updated, hence no extra costs are incurred. |
| No rules and guidelines regarding the access and use of server resources. | Costly, since any individual who might be an attacker can interfere with the systems, leading to much spending on repairs or loss of valuable information. | Formulation of proper and strict guidelines for the use of resources. | Cuts down possible extra costs from attacks, since the clients and company will avoid any mistakes that would expose them to attackers. |

References

Benson, V., McAlaney, J., & Frumkin, L. A. (2018). Emerging Threats for the Human Element and Countermeasures in Current Cyber Security Landscape. In Psychological and Behavioral Examinations in Cyber Security, 266-271.

Chambers, N., Fry, B., & McMasters, J. (2018). Detecting Denial-of-Service Attacks from Social Media Text: Applying NLP to Computer Security. In Proceedings of the 2018 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long Papers) (Vol. 1), 1626-1635.

Conti, M., Dehghantanha, A., Franke, K., & Watson, S. (2018). Internet of Things security and forensics: Challenges and opportunities.

Fatima, R., Siddiqui, N., Umar, M. S., & Khan, M. H. (2018). A Novel Text-Based User Authentication Scheme Using Pseudo-Dynamic Password. In Information and Communication Technology for Competitive Strategies, 177-186.

Honda, T., Mukaiyama, K., Shirai, T., Ohki, T., & Nishigaki, M. (2018). Ransomware Detection Considering User's Document Editing. In 2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA), 907-914.

Huang, D. Y., Aliapoulios, M. M., Li, V. G., Invernizzi, L., Bursztein, E., McRoberts, K., ... & McCoy, D. (2018). Tracking ransomware end-to-end. In 2018 IEEE Symposium on Security and Privacy (SP), 618-631.

Jakobsson, B. M. (2018). U.S. Patent Application No. 10/057,247.

Lévesque, F. L., Chiasson, S., Somayaji, A., & Fernandez, J. M. (2018). Technological and Human Factors of Malware Attacks: A Computer Security Clinical Trial Approach. ACM Transactions on Privacy and Security (TOPS), 21(4), 18.

Martin, J., Dubé, C., & Coovert, M. D. (2018). Signal Detection Theory (SDT) Is Effective for Modeling User Behavior Toward Phishing and Spear-Phishing Attacks. Human factors, 0018720818789818.

Nelson, B. (2018). Virtual Patching: Fighting Brute Force Attacks in a Software Defined Network (Doctoral dissertation).

Qin, J., Li, M., Shi, L., & Yu, X. (2018). Optimal denial-of-service attack scheduling with energy constraint over packet-dropping networks. IEEE Transactions on Automatic Control, 63(6), 1648-1663.

Takeuchi, Y., Sakai, K., & Fukumoto, S. (2018). Detecting Ransomware using Support Vector Machines. In Proceedings of the 47th International Conference on Parallel Processing Companion, 1.

Thomas, J. (2018). Individual cyber security: Empowering employees to resist spear phishing to prevent identity theft and ransomware attacks.

Vanhoef, M., Bhandaru, N., Derham, T., Ouzieli, I., & Piessens, F. (2018). Operating Channel Validation: Preventing Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks.

Wang, D., Ming, J., Chen, T., Zhang, X., & Wang, C. (2018). Cracking IoT Device User Account via Brute-force Attack to SMS Authentication Code. In Proceedings of the First Workshop on Radical and Experiential Security, 57-60.

Wei, M., Golla, M., & Ur, B. (2018). The Password Doesn’t Fall Far: How Service Influences Password Choice. Who Are You.

Wolf, D. G., & Goff, D. L. (2018). A ransomware research framework: poster. In Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, 26.

Yeh, E. R., Choi, J., Prelcic, N. G., Bhat, C. R., & Heath Jr, R. W. (2018). Cybersecurity Challenges and Pathways in the Context of Connected Vehicle Systems, 134.

Cite This Work

My Assignment Help. (2020). Cybersecurity Essay - JL Accounting Company's Issues And Solutions.. Retrieved from https://myassignmenthelp.com/free-samples/sit716-computer-networks-and-security/five-major-cybersecurity-issues-in-jl-accounting-company.html.
