Computer Security: 782803

Computer Security

Introduction

Computer Security has been evolved in recent years. Initially, data problem has been capitalizing on the market and various cases have been published over media. Traditionally, the meaning of computer security has been restricted to hardware and physical theft of data from computer device (Stallings, 2017). However, with the change in time and technology, a threat has been changed to online security and internet data theft has been arisen. Several users and organizations have been storing their data over the internet using the cloud.

This report has been focused on the JL Company in Perth, Australia. The company has been looking for online expansion and meeting with new clients over the internet. However, there are no security guidelines and various cybersecurity issues have been detected in the organization. This report outlines five different cybersecurity issues along with their solutions. A complete analysis of solutions to cybersecurity issues has been provided in the report with the proper cost required for implementing it in the organization.

Computer security issues

Computer security has been a major concern for any company in the market. The JL Company has been looking for expanding their business over the internet.  The computer connected in the network has been properly updated with new patches. However, there is no antivirus software installed on any of the computers. There have been various cybersecurity issues identified in the company. Some of these cyber threats have been discussed below:

Phishing: Phishing is a cyber-threat that employs both technical subterfuge and social engineering for stealing details of users including personal identity data and several financial accounts details (White, Fisch & Pooch, 2017). Therefore, this attack has been criticized several users and organizations including JL Company. Email phishing has been the most common attack faced by organizations.  There are the variety of emails are in the inbox from various clients. Organizations generally communicate with clients with the help of emails. Various private and personal information of the company is transferred through emails. In this case, each employee are receiving 40 spam emails every day. This has been creating the critical situation for the organization (Ritter et al., 2015). Phishing attack has been creating a space in the network of the company through spam emails. Hackers used to send spam emails to the email address of the company. If any employee opens these spam emails, important data including login credential might get transferred to hackers. These social engineering attacks have been creating issues in the company due to the data theft.

154

Figure 1: Relation between security breach and technology

(Source: Lévesque et al., 2018)

However, there are some anti-phishing techniques to prevent phishing attacks on the network of the company.  The most important technique is awareness among employees regarding the spam emails. Employees of the company need to be made aware of the spam emails and other spams links included in the spam emails. There are various applications that help in detecting spam mail including PHONEY (Carroll, 2014). The main principle of this technique is that it restricts fake information containing in the emails. This tool can be used as an extension in a browser for mitigating web-based phishing attacks. Basically, phishing attacks can be prevented by providing information and awareness about spam emails to the users and employees of the company.

Hacking: Hacking is basically a general cyber-attack but might be a severe one for the company and users.  The hacking can be done with various components including network, password, accounts and server.  Therefore, hacking can affect a large area of the computing resources.  Hacking can be both a client-side attack and server-side attack.  Client-side attacks cause due to fault dine by clients and users. The employee might click on any advertisements and spam link that might hack the computer and steal all data and information. In this case, the network of the JL Company has no security layer installed on the server (Mendenhall, Sincich & Boudreau, 2016). Lack of firewall and antivirus have been main factors for the hacking network of the company. Hacking basically cases data loss including passwords and other login details of an account. The hacking can be done by several attacks including virus and malware attack. Harmful viruses and malware might be injected in computers through external devices or through online. However, the employee found a pen drive outside and after connecting to the company computer system, it hacked with a message. Therefore it can be understood that hacking can be done by using a pen drive.  Therefore, the awareness among employee has been the important feature in the company. The use of antivirus and firewalls helps in creating an approach to mitigate these viruses and malware in the network. It also helps in restricting viruses and malware in the network.

14

Figure 2: Hacking into small businesses

(Source: McGregor et al., 2015)

Ransomware: Ransomware has been recent cyber issues that have been in a market during 2005 and still going on. Ransomware has been one of the most critical cyber-attacks in the recent decade. It has been affecting various countries all over the world.  The enhancement in the digital currency has given rise to the ransomware attack in the market. The evolution of Bitcoins and cryptocurrency have been causing the threat of ransomware. The virus attacks directly into the network of the company and steals data including financial documents of the company during transfer (Sandberg, Amin & Johansson, 2015). Hackers used to ask for ransom money to recover back documents and files of the company. The ransom amount is much high in relative to other attacks. Therefore, the JL Company have to be aware of these attacks.

13

Figure 3: Ransomware expansion

(Source: Hu, Kuhn & Ferraiolo, 2015)

Cryptography techniques are helpful in mitigating these attacks.  The transfer of data and information from a client to client can be encrypted using various algorithms.  This help in increasing the security of the data and information transferred from one client to another client. However, in this company, there is no encryption done with the data packets (Schreuders & Butterfield, 2016).  The company needs to encrypt their data and information in a packet before transfer. Encryption helps in restricting third-party access to the data and information.

BYOD: BYOD stands for Bring Your Own Device. This concept has been increasing in the corporate world.  Several organizations have been focusing on the BYOD concept helps in mining the resources of the organizations.  The use of devices helps in performing their tasks in a proper manner. However, with its benefits, there are some limitations in respect to security concerns. Various sensitive data and information are stored in the devices of employees. Therefore, it becomes unsafe for the company point of view (Peltier, 2016). Any loss of the device by employee night led to the huge loss to the company. Information security has been a critical concern in the case of BYOD.  The use of BYOD has been not good for security purposes of the organization. Malicious software and applications might be installed in the employee computer. Upon connected with the company, all, the data and information might get transferred by that software and application.  This might hack the network of the company in the market.

Therefore, to fulfil the benefits of the BYOD, the company has to prepare some strict protocols and policies of the BYOD.  The use of certain applications needs to be allowed in the organization.  This policy might help in minimizing the cyber-attacks caused by the BYOD. The use if the proper antivirus bin the own device is necessary (Gilman et al., 2017).  The use of pen drive and other external computing devices needs to be scanned properly by the company in order to minimize threats.   

Password Cracking:  Passwords are designed for providing authentication security to a system. There have been several ways of providing security to the system including strong passwords. Passwords are used in providing security and authenticity to any systems in the company.  There have been various benefits of the using a strong password in the system. There are various techniques for providing passwords to a system. Generally, passwords need to be f six letters having the combination of uppercase letters, symbols, special characters and numbers (Grassi, Garcia & Fenton, 2017). This help in creating a strong password for the system.  A strong password cannot be broken and hacked easily. However, Brute force attack has been the most common password hack attack in the organization.  This attack depends on the domain of input characters of passwords and length of a password. However, a desktop computer can attempt one million attempts to crack a password by brute force.

12

Figure 4: Password attacking possibilities

(Source: Raj & Silambarasan, 2017)

Proposed Solutions

Various cyber-attacks have been discussed in the above section that might occur in the JL Company. These attacks are severe cyber issues that can create the loss for the company in the market. The use of several techniques might prevent a company from these attacks. The company has to focus on updating software and operating systems of all the computers (Zear, Singh & Kumar, 2017).  Installation of important patches of the operating system helps in providing security to installing applications and programs in the system. There have been the various update in all the operating system on a daily basis.  Therefore, a daily update s necessary for maintaining a keen secure approach to the cyber issues.

The use of firewalls and antivirus needs to be done by the company. Updated antivirus helps in restricting viruses and malware from entering into the network and server of the company.  The use of updated firewalls helps in maintaining a secure virtual dome over the computer for restricting and destroying viruses and malware in the computer. A firewall might be of few costs for the company. The cost of antivirus might be around $40-$70 per year (Raj & Silambarasan, 2017). Therefore, a company might afford this amount in the computer security purposes. Various companies are producing antiviruses in the market that have been helping in maintaining security to the network and computer system.

Cryptography techniques have been a beneficial way of securing data and information in a database.  The use of cryptography techniques helps in maintaining a secured approach data packets of the companies.  The company might acquire encryption techniques for encrypting data and information. Data and information have been put into a packet and encrypted with a key. The key is only known to the sender and receiver clients (Grassi, Garcia & Fenton, 2017). Therefore, the use of encryption has been helping to maintain the security of data and information.

The virtual private network (VPN) has been an important technique that helps in protecting networks attacks. VPN has been helping in changing the IP address of the computer device connected in the network.  Therefore, the hacking of the IP address cannot be dining easily.  The use of the VPN has been helping in maintaining a secured network in the company. VPN helps in transmitting data by means of tunnelling. The packet is used to wrap with a header before sending to a receiver (Grassi, Garcia & Fenton, 2017). A packet with a private non-routable IP address can be sent inside a packet with a globally unique IP address, thereby extending a private network over the Internet.

Conclusion

The above discussion can be concluded that computer security has been an important aspect of the company. The JL Company has been facing a lot of computer security issues as there are no security policies for the company. This has been creating the critical situation for the organization. Phishing attack has been creating a space in the network of the company through spam emails. Hackers used to send spam emails to the email address of the company. The company has been focusing on the online expansion over the internet. The use of internet has been helping in expanding the business. However, there are five cybersecurity issues have been discussed in the report. A clear discussion about the five cybersecurity issues has been done in the report.  A proper solution has been provided in the report.

References

Carroll, J. M. (2014). Computer security. Butterworth-Heinemann.

Gilman, J. W., Davis, R. D., Shields, J. R., Wentz, D., Brassell, L. D., Morgan, A. B., … & Zanetto, J. E. (2017, May). Development of high throughput methods for polymer flammability property characterization. In International Symposium of SAMPE (No. International Symposium of SAMPE).

Grassi, P. A., Garcia, M. E., & Fenton, J. L. (2017). Digital identity guidelines. NIST Special Publication800, 63-3.

Hu, V. C., Kuhn, D. R., & Ferraiolo, D. F. (2015). Attribute-based access control. Computer48(2), 85-88.

Lévesque, F. L., Chiasson, S., Somayaji, A., & Fernandez, J. M. (2018). Technological and Human Factors of Malware Attacks: A Computer Security Clinical Trial Approach. ACM Transactions on Privacy and Security (TOPS)21(4), 18.

McGregor, S. E., Charters, P., Holliday, T., & Roesner, F. (2015, August). Investigating the Computer Security Practices and Needs of Journalists. In USENIX Security Symposium(pp. 399-414).

Mendenhall, W. M., Sincich, T. L., & Boudreau, N. S. (2016). Statistics for Engineering and the Sciences, Student Solutions Manual. Chapman and Hall/CRC.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.

Raj, P. S., & Silambarasan, G. (2017). Role of Data Mining in Cyber Security. International Journal of Engineering Science13932.

Ritter, A., Wright, E., Casey, W., & Mitchell, T. (2015, May). Weakly supervised extraction of computer security events from twitter. In Proceedings of the 24th International Conference on World Wide Web (pp. 896-905). International World Wide Web Conferences Steering Committee.

Sandberg, H., Amin, S., & Johansson, K. H. (2015). Cyberphysical security in networked control systems: An introduction to the issue. IEEE Control Systems35(1), 20-23.

Schreuders, Z. C., & Butterfield, E. M. (2016, August). Gamification for teaching and learning computer security in higher education. In 2016 USENIX Workshop on Advances in Security Education (ASE 16). USENIX Association.

Stallings, W. (2017). Cryptography and network security: principles and practice (p. 743). Upper Saddle River, NJ: Pearson.

White, G. B., Fisch, E. A., & Pooch, U. W. (2017). Computer system and network security. CRC press.

Zear, A., Singh, A. K., & Kumar, P. (2017). Robust watermarking technique using back propagation neural network: a security protection mechanism for social applications. International Journal of Information and Computer Security9(1-2), 20-35.