
Tuesday, February 19, 2019

Cybersecurity Vulnerabilities Facing IT Managers Essay

Cyber-security demands are ever increasing in the field of Information Technology with the globalization of the internet. Disruptions due to cyber-attacks are affecting the economy, costing companies billions of dollars each year in lost revenue. To counter this problem, corporations are spending more and more on infrastructure and investing to secure the cyber security vulnerabilities, which range anywhere from software to hardware to networks and the people that use them. Due to the complexity of information systems that interact with each other and their counterparts, the requirement to meet specific cyber security compliances has become a challenging issue for security professionals worldwide. To help with these issues, security professionals have created different standards and frameworks over the years for addressing this growing concern of vulnerabilities within enterprise systems and the critical information they hold (Critical Security Controls, n.d.).

Before we get into the details, let us first examine what exactly a security vulnerability is. By definition, a security vulnerability can be a flaw in hardware, software, networks or the employees that use them, which in turn can allow hackers to compromise the confidentiality, integrity and availability of the information system (Common Cybersecurity, 2011). To thoroughly discuss this topic in more detail, I will first discuss confidentiality, as it is one of the three main goals of IT security. Confidentiality is as simple as it sounds: limiting access to resources to only those that need it. Confidentiality vulnerabilities occur when hackers try to exploit some weakness or flaw within an information system and view information that they are not normally allowed to. In this case the confidentiality of the documents has been compromised.
The second goal of IT security which can also be affected if security vulnerabilities are present is integrity. Integrity by definition can mean many different things for different topics, but for the IT world it solely relates to the trustworthiness of a document or resource. This means that the document or file has not been tampered with or changed and is still in its original form. This is very important because if data has been tampered with or changed it can cause substantial damage to corporations due to the possible wrong decisions being made, like investments or unintended publications, or even trouble with the law if tax audits are not adding up properly, which would all result in a net loss. The last goal of IT security which can be compromised if security vulnerabilities exist is availability of the information system. Availability refers to the idea that a resource is accessible by those that need it, whenever they need it. In my personal opinion I believe availability is probably the most important out of the three security goals. I say this simply because there are many mission critical applications out there that need to be online 24/7 and any downtime can result in catastrophic results. One prime example of this is the air traffic control towers at LAX; they were having problems with the system a few months back due to the U-2 spy plane flying over their airspace. This caused major panic, which grounded taxied planes that were ready to take off and forced the manual tracking of planes already in the air (Ahlers, 2014).

Throughout this paper I intend to report on the many different types of cyber-security vulnerabilities available and their effects. I will also describe in detail the vulnerability I feel is the most important facing IT managers today, its impact on organizations and the solution.
As I explained before, there are many different types of security vulnerabilities out there which can affect the integrity, availability and confidentiality of a resource. So the question still remains: what exactly are these types of vulnerabilities, especially since they range from software, hardware and networks to the people that use them?

Firstly I will discuss the software vulnerabilities, more specifically in terms of web applications. This is because more than half of the current computer security threats and vulnerabilities today affect web applications, and that number is ever increasing (Fonseca, Seixas, Vieira, Madeira, 2014). When considering the programming language used to develop web applications you have PHP, which is considered a weak language; on the other hand you have Java, C and Visual Basic, which are considered strong languages. It is important to note that the language used to develop the web applications is very important because although the different programming languages are similar overall, each one has different rules of how data is stored, retrieved, the execution methods, tables and so on. For example, when I say how data is stored and retrieved, I am basically referring to data types and data structures and how the programming language that is being used maps their values into type fields like strings for names, Int for numbers, or even Boolean for true and false statements. Overall though, even if you are using a strong typed language like Java, it does not always guarantee itself free from defects, because the language itself may not be the root cause of the vulnerability but possibly the implementation methods used or even insufficient testing (Fonseca, Seixas, Vieira, Madeira, 2014). Vulnerabilities in web applications invite XSS exploits and SQL injection, which are the most common types.
Below you can see in the image the evolution of reports caused by SQL injection and XSS exploits over the years.

In this next section we will discuss some more types of security vulnerabilities, more specifically vulnerabilities with regards to hardware. Many people assume that hardware vulnerabilities have the lowest security concern compared to other types of vulnerabilities like software, networks and the people that use them, simply because hardware can be stored in secure environments. The truth is even hardware vulnerabilities can be easily susceptible to attacks. Hardware in general has a longer lifespan than software because with software you can simply upgrade it and install new patches/builds even after deployment. With hardware, once you purchase it, you are most likely going to keep it for a while. When it does become obsolete and ready to be disposed of, a lot of organizations make the simple mistake of not securely disposing of the old hardware properly, which in turn opens up the door for intruders. Old hardware has software programs installed on it and other things like IC transistors which can help hackers learn a lot more about the organization and help lead to future attacks (Bloom, Leontie, Narahari, Simha, 2012). The most recent example of a hardware vulnerability which caused one of the biggest cybersecurity breaches in history was with Target. 40 million credit and debit cards with customer information were stolen simply because malware was introduced to the point of sale system with a hardware encryption vulnerability (Russon, 2014). Although hardware vulnerabilities are not normally the root cause for the majority of the exploits and breaches out there, it is always still good to follow best practices.

Network vulnerabilities will be the next topic of discussion and my personal favorite. Vulnerabilities with network systems are very common, especially with all the resources available to hackers today.
There are many open source software programs on the market which can help intruders learn critical information about an organization. Just to name a few, the most popular and commonly used ones include the Nmap security scanner and Wireshark. The Nmap security scanner was originally developed to be used for security and system administration purposes only, like mapping the network for vulnerabilities. Now it is most commonly used for black hat hacking (Weston, 2013). Hackers use it to scan for open unused ports and other vulnerabilities, which in turn helps them gain unauthorized access to the network. Wireshark, on the other hand, is similar to Nmap in that it was originally developed for network analysis and troubleshooting. It allows administrators to view and capture all packet resources that pass through a particular interface. Over the years hackers have started using Wireshark to exploit unsecured networks and gain unauthorized access (Shaffer, 2009).

Although scanning unused open ports and capturing packets are a great way for intruders to gain access to a network, the most popular method by far to breach a network is USB thumb devices. Most enterprise networks are very secure in the sense that they use a DMZ (de-militarized zone), and outside penetration becomes very difficult. In a de-militarized zone, outside network traffic must pass through two different firewalls to get to the intranet of the organization. The first firewall includes all the commonly used hosts like FTP, SMTP and all other resources that can be accessible by the public. The second firewall has the actual intranet of the organization, which includes all private resources (Rouse, 2007). Below is the diagram of a demilitarized zone. So the question still remains: since most enterprise organizations use a DMZ, which in turn helps prevent port scanning or packet analyzing, why are USB thumb devices the most popular network vulnerability?
(Markel, 2013) The answer is very simple: social engineering. We as human beings, through social conditioning, do not stop and ask questions when we're not familiar with someone, which in turn has become one of the major causes for the cybersecurity breaches that occur today. Just to give one example from my own personal experiences at work, each floor has an authentication swipe policy to gain entry. Every time I enter the office area, there are a few people with me and only one person in the group usually swipes his/her badge to open the door. This is a great security vulnerability because anyone can just follow the group and gain access to the entire intranet of the organization. In my case in particular, I work for United Airlines headquarters in Chicago at the Willis Tower, which is more than 100 stories high, and given the fact that the entire building is not ours alone, this becomes a huge security concern.

While I have briefly explained the vulnerabilities in software, hardware, networks and the people that use them, the question still remains: what is the most important security vulnerability facing IT managers today? The answer to this question differs from person to person, and one must take into consideration the actual vulnerability, its threat source and the outcomes. A person with a small home business might only be concerned with denial of service attacks, since they may not have enough cash flow to properly secure their network. On the other hand, an enterprise organization with large cash flow might have a different perspective and probably does not concern itself with denial of service attacks but is instead focused on making sure all the systems are updated using Windows Server Update Services. In my personal opinion though, you might have guessed it, but it's definitely us human beings, because we have the tendency to fall victim and contribute to the successful security breaches that occur in today's society.
Mateti, in his essay "TCP/IP Suite", stated that vulnerabilities occur because of human error. A study by Symantec and the Ponemon Institute showed that 64 percent of data breaches in 2012 resulted from human mistakes (Olavsrud, 2013). Larry Ponemon, the chairman and founder of security research at the Ponemon Institute, stated that eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today, up by twenty two percent since the first survey (Olavsrud, 2013). A prime example of this is what I stated earlier about how anyone can just enter my office area without swiping their card, simply by following the group. This is a form of human error, when employees are too intimidated to ask questions and request authorization from someone they believe does not work for the organization. The intruder can just walk in the front door pretending to be a salesperson, repairman or even a white collar businessman and may look like someone legitimate, but in fact they are not. This intruder now has direct access to the intranet and can install malware on the computers to disrupt daily operations or even steal sensitive data like confidential project information, release dates, trade secrets and many more.

A very good example of this is the Stuxnet worm, which infected the Iranian nuclear facilities and caused a lot of damage internally, which in turn delayed Iran's nuclear development. All of the security measures that were put in place by Iran's cyber defense team were circumvented simply by just one employee, because the worm was introduced through an infected USB drive. This simply shows how direct access by unauthorized users due to employee negligence can cause such tremendous damage, and that all the perimeter defenses become completely useless.
Another prime example of human error was the RSA breach in 2011, where cybercriminals, instead of just sending millions of phishing e-mails to random mailboxes, sent personalized emails to specific employees. The employees at RSA, thinking that since it was a personalized message it was safe, clicked on the links unknowingly, which in turn caused the malware to be downloaded onto the network.

To counter this problem, IT managers first need to properly train employees and give them specific guidelines to follow. Symantec has issued a press release with guidelines on how to properly secure sensitive data, which includes information on how to train employees for these types of intrusions. Human error is not just limited to soupcon or foolishness; it also extends to many different areas, because after all it is us humans who manage the cyberspace and grant physical access to the terminals and systems that are connected to the internetwork. We set up the protocols used for communication, set the security policies and procedures, code backend server software, create passwords used to access sensitive information, maintain updates on computers and so on (Security 2011, 2011). The human element matters very much, possibly more than the software, hardware or the network systems, especially when it comes to properly securing an internetwork from data breaches.

The impact on the organization always depends on what type of business it is and what it is engaged in. For example, if an organization is very popular and has a bigger presence in online commerce (Amazon and New Egg), compared to one that does not use the internet quite often, it will be more concerned with web-based attacks and vulnerabilities. The impact though, regardless of the type of organization, will always be tremendous.
Once a breach occurs, not only are you spending on recovering from its effects, but you are also spending on beefing up your current security measures by installing new devices and hiring new employees so the same occurrence does not occur again (Hobson, 2008). Sometimes at the end of the day some of the costs are not even recoverable, like sensitive data, trade secrets, personnel information or even customer information. Another major cost and headache that occurs once an organization becomes a victim of cybercrime is lawsuits. Many customers who feel that the organization could not protect their confidentiality will sue the corporation for millions of dollars, which in turn can cause major loss.

IT managers can do many things to help prevent breaches due to human errors. The first thing they can do is properly train the employees, as stated above, on a periodical basis and use current guidelines like Symantec's to properly secure their intranet from any type of intrusion. IT managers can also establish a safe harbor in the sense that they can force employees to periodically change their passwords and establish rules so the password must be a certain number of characters long and must include other types of characters besides just the typical alphanumerical ones. Employee negligence is also due to bad habits like sending sensitive data over unsecured email, and IT managers must ensure that they continually educate their employees.

There are many different types of security vulnerabilities out there in today's world that are affecting organizations. In my personal opinion I believe human error is the one vulnerability that affects IT managers the most, simply because we as humans make mistakes. It is in our nature, and no matter how hard we try we will always be susceptible to deception, either through social engineering tactics or clicking dangerous links because they look safe, or even being negligent by not reporting something unusual.
Employees need to realize that their actions can bring terrible consequences for both them and the organization as a whole.

References

Fonseca, J., Seixas, N., Vieira, M., & Madeira, H. (2014). Analysis of Field Data on Web Security Vulnerabilities. IEEE Transactions on Dependable & Secure Computing, 11(2), 89-100. doi:10.1109/TDSC.2013.37

Russon, M. (2014, June 10). Forget Software Vulnerabilities, Hardware Security Must Improve Before It's Too Late. International Business Times RSS. Retrieved July 12, 2014, from http://www.ibtimes.co.uk/forget-software-vulnerabilities-hardware-security-must-improve-before-its-too-late-1451912

Bloom, G., Leontie, E., Narahari, B., & Simha, R. (2012, January 1). Hardware and Security Vulnerabilities and Solutions. Retrieved July 12, 2014, from http://www.seas.gwu.edu/simha/research/HWSecBookChapter12.pdf

Common Cyber Security Vulnerabilities in Industrial Control Systems. (2011, January 1). Retrieved July 12, 2014, from https://ics-cert.us-cert.gov/sites/default/files/documents/DHS_Common_Cybersecurity_Vulnerabilities_ICS_2010.pdf

Critical Security Controls. (n.d.). SANS Institute. Retrieved July 12, 2014, from http://www.sans.org/critical-security-controls

Ahlers, M. (2014, May 6). FAA computer pestered by U-2 spy plane over LA. CNN. Retrieved July 13, 2014, from http://www.cnn.com/2014/05/05/us/california-ground-stop-spy-plane-computer/

Most Important Cybersecurity Vulnerability Facing IT Managers. (n.d.). Retrieved July 13, 2014, from http://www.ukessays.com/essays/computer-science/most-important-cybersecurity-vulnerability-facing-it-managers-computer-science-essay.php

Security 2011: Attack Of The Human Errors - Network Computing. (2011, December 22). Network Computing. Retrieved July 13, 2014, from http://www.networkcomputing.com/networking/security-2011-attack-of-the-human-errors/d/d-id/1233294?

Hobson, D. (2008, August 8). The real cost of a security breach. SC Magazine. Retrieved July 13, 2014, from http://www.scmagazine.com/the-real-cost-of-a-security-breach/article/113717/

Direct, M. (2013, December 20). Human error is the root cause of most data
