Isol631 Operations Security : Cybersecurity Assessment Answers
The following scenario is based on an actual attack deconstructed at a seminar I attended earlier this year. The names and locations have been removed to preserve the privacy of the organization in question.
Background:
No-Internal-Controls, LLC is a mid-sized pharmaceutical company in the Midwest of the US employing around 150 employees. It has grown over the past decade by merging with other pharmaceutical companies and purchasing smaller firms.
Recently No-Internal-Controls, LLC suffered a ransomware attack. The company was able to recover from the attack with the assistance of a third-party IT services company.
Attack Analysis:
After collecting evidence and analyzing the attack, the third party was able to recreate the attack.
- No-Internal-Controls, LLC has a number of PCs configured for employee training.
- These training computers use generic logins such as “training1”, “training2”, etc. with passwords of “training1”, “training2”, etc.
- The generic logins were not subject to lockout after incorrect login attempts.
- One of the firms purchased by No-Internal-Controls, LLC allowed Remote Desktop connections from the Internet through the firewall to the internal network for remote employees.
- Due to high employee turnover and a lack of documentation, not all of the IT staff were aware of the legacy remote access.
- The main office has only a single firewall; no DMZ or bastion host exists to mediate incoming Remote Desktop connections.
- The internal network used a flat architecture.
- An attacker discovered the access by means of a port scan and used a dictionary attack to gain access to one of the training computers.
- The attacker ran a script on the compromised machine to elevate his privileges and gain administrator access.
- The attacker installed tools on the compromised host to scan the network and identify network shares.
- The attacker copied ransomware into the accounting department's network shares, allowing it to spread through the network and encrypt accounting files.
- Critical accounting files had been backed up and were recovered, but some incidental departmental and personal files were lost.
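The chain above turns on two weaknesses that are cheap to spot from logon records: accounts that never lock out, and a dictionary attack that shows up as a burst of failed logons from one source followed by a success. The Python script below is an added example, not part of the seminar material or of the third party's report. It runs over a handful of constructed, Windows-style logon lines (the line format, the account names and the 198.51.100.23 and 10.0.0.5 addresses are all made up for the example) and raises an alert whenever one account/source pair accumulates, inside a short window, the number of failures at which a lockout policy would normally have refused further attempts.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logon records for the example (not real logs). The
# format is a simplified, Windows-like one: LOGON_FAIL stands in for a
# failed-logon event (cf. event ID 4625), LOGON_OK for a successful one
# (cf. 4624). Account names and source addresses are made up.
SAMPLE_LOG = """\
2024-01-15T02:10:01 LOGON_FAIL user=training1 src=198.51.100.23
2024-01-15T02:10:02 LOGON_FAIL user=training1 src=198.51.100.23
2024-01-15T02:10:03 LOGON_FAIL user=training1 src=198.51.100.23
2024-01-15T02:10:04 LOGON_FAIL user=training1 src=198.51.100.23
2024-01-15T02:10:05 LOGON_FAIL user=training1 src=198.51.100.23
2024-01-15T02:10:06 LOGON_FAIL user=training1 src=198.51.100.23
2024-01-15T02:10:07 LOGON_FAIL user=training1 src=198.51.100.23
2024-01-15T02:10:09 LOGON_OK   user=training1 src=198.51.100.23
2024-01-15T02:11:00 LOGON_FAIL user=training2 src=198.51.100.23
2024-01-15T02:11:01 LOGON_FAIL user=training2 src=198.51.100.23
2024-01-15T02:11:02 LOGON_FAIL user=training2 src=198.51.100.23
2024-01-15T08:00:00 LOGON_FAIL user=jsmith src=10.0.0.5
2024-01-15T08:30:00 LOGON_FAIL user=jsmith src=10.0.0.5
2024-01-15T08:30:10 LOGON_OK   user=jsmith src=10.0.0.5
"""

LINE_RE = re.compile(r"^(\S+)\s+(LOGON_FAIL|LOGON_OK)\s+user=(\S+)\s+src=(\S+)$")


def parse_line(line):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, event, user, src = m.groups()
    return {"time": datetime.fromisoformat(ts), "event": event,
            "user": user, "src": src}


def find_guessing_bursts(log_text, threshold=5, window_seconds=60):
    """Return one alert per (user, source) pair whose failed logons reached
    `threshold` within `window_seconds`, i.e. the point at which an account
    lockout policy with those settings would have refused further attempts.
    `succeeded_after` records whether a successful logon from the same pair
    followed the burst, the sign that the guessing worked."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (user, src) -> failure times inside the window
    totals = Counter()            # (user, src) -> all failures seen
    alerts = {}                   # (user, src) -> alert dict
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["user"], ev["src"])
        if ev["event"] == "LOGON_FAIL":
            totals[key] += 1
            q = recent[key]
            q.append(ev["time"])
            while ev["time"] - q[0] > window:   # drop failures older than the window
                q.popleft()
            if key not in alerts and len(q) >= threshold:
                alerts[key] = {"user": ev["user"], "src": ev["src"],
                               "first_seen": q[0], "failures": 0,
                               "succeeded_after": False}
        elif key in alerts:   # LOGON_OK after a burst from the same pair
            alerts[key]["succeeded_after"] = True
    for key, alert in alerts.items():
        alert["failures"] = totals[key]
    return list(alerts.values())


if __name__ == "__main__":
    for a in find_guessing_bursts(SAMPLE_LOG):
        print(f"{a['user']} from {a['src']}: {a['failures']} failed logons since "
              f"{a['first_seen']:%H:%M:%S}, later success: {a['succeeded_after']}")
```

On the sample data only training1 trips the five-failure threshold, and the following LOGON_OK marks the guess as successful; jsmith's two failures half an hour apart never sit in the same window, which is the difference between a mistyped password and a dictionary run. Had the training accounts been subject to the same lockout settings, the sixth attempt and the later success would not appear in the log at all.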
Answer:
Introduction:
No-Internal-Controls, LLC is a pharmaceutical company located in the Midwest of the US employing around 150 employees. Recently the company suffered a ransomware attack but was able to recover with the assistance of a third-party IT services company. The company has now decided to adopt policies to prevent situations similar to the ransomware attack (Choi, Scott, & LeClair, 2016). This report discusses some of these policies, how they can help the company, and the reasons that support them.
Discussion:
Policies for Mitigating attacks and supporting reasons for the policies:
Several policies can be adopted to protect the company's information from any type of cyber-attack. Some of the important policies the company can adopt to protect its data are listed below:
- Backing up of data: This is the most important way the company can avoid threats similar to the ransomware attack. This policy includes creating backups on a regular basis and keeping them up to date. This is an administrative control and also acts as a preventive measure against losing data.
- Looking into the hidden file extensions: This process involves re-enabling the display of full file extensions, which helps in spotting suspicious files. Files with extensions such as “.PDF.EXE” are the main files attackers use to get into users' systems (Brewer, 2016). This is also a preventive policy that can be adopted by the administrative department of the company.
- Use of filters in emails: This includes using a mail scanner at the gateway to block files with an “.EXE” extension and to deny files that have two extensions. This is a detective method used to prevent threats.
- Disabling files that run from the AppData/LocalAppData folders: The company can create rules within Windows or with intrusion prevention software that disallow this particular behaviour if any attack attempt is made (Song, Kim, & Lee, 2016). This is a physical method that can be adopted to prevent threats.
- Disabling RDP: Most attacks are considered to be carried out using the Remote Desktop Protocol (RDP). By disabling RDP the company can avoid many types of attacks (Berriz, 2014). This is a physical control method that can be adopted by the administration.
- Patching and updating software: Outdated software can be very advantageous to attackers. The company can avoid this type of attack by updating its software at frequent intervals. Software vendors often release security updates, and if the company enables automatic updates the software can visit the vendor's site automatically and update itself. Automatic updates also help avoid the risk of harm when malware authors disguise their malware as software updates (Touchette, 2016). This is a preventive policy the company can adopt to prevent threats.
- Using a reputable security suite: The company can adopt the policy of installing both anti-malware software and a software firewall, which will help identify threats and suspicious behaviour. Attacks can be of various types, so both kinds of security are necessary to avoid them (Roa, 2017). This is a physical preventive control policy.
- Disconnecting from the network: Attacks like ransomware can be avoided if the company immediately disconnects all its systems from the network after identifying the characteristic signs on the screen. This is a physical preventive control policy in which the administrators have to disconnect themselves from the network in order to protect their privacy.
- Use of preventive kits: One such kit is the CryptoLocker Prevention Kit, which automates disabling the running of files in AppData and LocalAppData through group policies, along with disabling executable files that run from the temp directory (Richardson & North, 2017). This is a physical preventive control policy for protecting the company's data.
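The second and third policies in the list above (showing full file extensions and filtering attachments at the mail gateway) come down to one check: does the attachment end in an executable extension, and is that extension hidden behind a document-looking one such as “.PDF.EXE”? The Python below is an added example and not code from this report or from any mail-scanner product. It assumes a gateway that can hand each attachment's filename to a policy function; the list of executable extensions beyond the page's “.EXE”, the list of document extensions, and the sample filenames are all constructed for the example.

```python
import os

# Extensions the gateway should never deliver. The page names only ".EXE";
# the others are an assumption added for this example.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd"}

# Extensions a user expects to see on an ordinary attachment. A file whose
# real extension hides behind one of these is the ".PDF.EXE" pattern.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt",
                       ".jpg", ".png"}

# Constructed sample attachment names for the example (not real mail data).
SAMPLE_ATTACHMENTS = [
    "Invoice.PDF.EXE",   # executable disguised as a PDF
    "setup.exe",         # plain executable
    "photo.jpg.scr",     # screensaver executable disguised as an image
    "scan.txt.pdf",      # two document extensions: harmless, but odd
    "report.v2.pdf",     # ".v2" is a version tag, not an extension
    "report.pdf",
    "README",            # no extension at all
]


def display_name(filename):
    """What Windows shows when 'Hide extensions for known file types' is on:
    the last extension is dropped, so 'Invoice.PDF.EXE' appears as 'Invoice.PDF'."""
    base, _ext = os.path.splitext(filename)
    return base


def extensions(filename):
    """All dot-separated suffixes of a name, lower-cased and in order:
    'Invoice.PDF.EXE' -> ['.pdf', '.exe']; 'README' -> []."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]]


def assess_attachment(filename):
    """Gateway policy for one attachment. Returns (verdict, reason) with
    verdict one of 'block', 'quarantine' or 'allow'."""
    exts = extensions(filename)
    if not exts:
        return ("allow", "no extension")
    final = exts[-1]
    if final in BLOCKED_EXTENSIONS:
        if len(exts) > 1 and exts[-2] in DOCUMENT_EXTENSIONS:
            return ("block", f"executable {final} disguised as {exts[-2]} "
                             f"(shown to users as '{display_name(filename)}')")
        return ("block", f"executable attachment ({final})")
    if len(exts) > 1 and exts[-2] in DOCUMENT_EXTENSIONS:
        # Two real extensions on a non-executable: not dangerous by itself,
        # but the double-extension rule says hold it for review.
        return ("quarantine", f"double extension {exts[-2]}{final}")
    return ("allow", "ordinary attachment")


def scan_attachments(filenames):
    """Apply the policy to every attachment; returns {name: (verdict, reason)}."""
    return {name: assess_attachment(name) for name in filenames}


if __name__ == "__main__":
    for name, (verdict, reason) in scan_attachments(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:10} {name:18} {reason}")
```

The "double extension" test deliberately counts only suffixes that are themselves known extensions, so a version tag such as report.v2.pdf is delivered while scan.txt.pdf is held; a stricter gateway can drop that distinction and deny anything with two dots, which is the rule as the list states it. The display_name helper shows why the first policy matters on its own: with extensions hidden, Invoice.PDF.EXE and a real Invoice.PDF look identical to the user.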
Conclusion:
Adopting the policies discussed above along with the control measures will greatly help in identifying and avoiding threats. The policies should put more emphasis on protecting the accounting data of the company, as accounts form the backbone of any organisation. All the policies stated above are physical and administrative control methods which help in detecting, preventing and correcting any type of flaw in the company.
References:
Brewer, R. (2016). Ransomware attacks: detection, prevention and cure. Network Security, 2016(9), 5-9.
Song, S., Kim, B., & Lee, S. (2016). The effective ransomware prevention technique using process monitoring on android platform. Mobile Information Systems, 2016.
Choi, K. S., Scott, T. M., & LeClair, D. P. (2016). Ransomware against police: diagnosis of risk factors via application of cyber-routine activities theory. International Journal of Forensic Science & Pathology.
Berriz, C. (2014). Cybersecurity and United States Policy Issues. Global Security Studies, 5(3).
Touchette, F. (2016). The evolution of malware. Network Security, 2016(1), 11-14.
Roa, R. E. E. (2017). Ransomware Attacks on the Healthcare Industry (Doctoral dissertation, Utica College).
Richardson, R., & North, M. (2017). Ransomware: Evolution, Mitigation and Prevention. International Management Review, 13(1), 10.