BPP Business School Plagiarism Policy

The dynamicity of the current business and manufacturing sectors has subjected companies to the extensive use of different ICT platforms for diverse reasons. The ransomware attack that occurred at Verdilan is an example of how attackers can exploit various loopholes to develop a ransomware and demand funds from the affected corporation. The primary failings in this group of companies that allowed it to become vulnerable to attack include the use of outdated operating systems, non-existent policies used in the acquisition and use of computers in the key corporations, the use of a common server for both business and personal purposes, an outdated email server that was utilized by the attackers to stage the attack, , unrestricted control, and the absence of an expert at the management who would oversee the commissioning and appropriate use of the existent systems.\u00a0 The use of Windows XP and other outdated systems made the staging of the ransomware attack simple since these OSs are highly vulnerable to attacks. According to Richardson and North (2017, pp.12), the CryptoLocker ransomware targets personal computers that mainly run on Microsoft Windows and targets the email systems. Richardson and North (2017, pp.12) argued that IT experts are equipped with the relevant knowledge that would allow them to develop access control policies and constantly monitor the acquisition, purchase, and use of computer system to enhance information system security.

According to Richardson and North (2017, pp.12)

According to Richardson and North (2017, pp.12), the CryptoLocker ransomware attack was first staged in 2013 and involved an attack on an email system of companies. The most likely form of encryption that was used in the case of Verdilan services was the private key cryptography that was sent to emails as an attachment. Private key cryptography encrypts most of the data as witnessed in this corporation and connects the system to a remote server (Richardson and North 2017, pp.12). Therefore, the most appropriate options of remediating the ransomware and recovering the encrypted data would be the use of a private key encryption, entire system overhaul and clean up, and paying the ransomware and expecting the data back. The most viable option of the three would be to develop a private key encryption that would decrypt the data without paying the ransomware. The key discredit of paying the demanded ransom is the low probability of accessing all the data that was lost during the attack. Total system overhaul is also unfeasible since it is time and resource consuming.

Protecting Against Email-Bourne Threats

The devastating implications of ransomware attacks have prompted businesses to develop strategies that would make them immune to email-borne insecurities. The most appropriate technique that can be utilized in protecting Verdilan services against email-borne threats includes the adoption of an email authentication, content analysis and pattern detection, dynamic IP blacklisting, and encryption and data loss prevention systems. The dynamic IP blacklisting technology is widely used for threat intelligence purposes where emails that originate from malicious sources are permanently blocked. Email authentication systems validate messages and block fraudulent emails while pattern protection and content analysis systems dynamically analyse the attachments in emails and identify potential threats. Lastly, an encryption system keeps emails safe and blocks communication between servers. The use of these technical, managerial and operational controls would significantly assist the corporation in protecting its systems against attacks of such magnitudes.

Access Control

A ransomware is designed and implemented by extortionists who explore an existent loophole in a corporation\u2019s database and exploit such opportunities to demand specific amounts from the affected corporations. The malware used encrypted most of the company\u2019s critical data that included personal email systems, the payment system, and denied access to pivotal sections of the database. The ransomware would paralyse the operations of Verdilan services since 75% of the files belonging to the group of corporations were affected. According to the case, the development of IT systems in the company has positively impacted on the connection and relationships between employees and customers. Therefore, an attack of such magnitude would stall operations until the malware is decrypted and the data is retrieved. Initial instances of the theft of company designs is an indicator that the system was weak and could be accessed by individuals who would sell the designs to Verdilan Holdings\u2019 competitors that would create similar products.

The primary reasons for the extensive access to system resources by the ransomware include the existence of weak policies that whereby employees could use the same devices for both professional and personal purposes, the system could be accessed from any region, old and outdated servers were still used, some employees preferred smartphones and tablets, and the negligence of the CFO that resulted in the creation of a weak system. Additionally, the individuals at the management levels had no IT background with the company having only two helpdesk technicians to support the entire ICT needs of the corporation. The absence of adequate IT expertise frustrates the development and implementation of access control policies as Richardson and North (2017, pp.14) argued that the professionals are the backbone of information security in corporations.

The three common access control policy types include role-based access control, discretionary access control, and the mandatory access control. Khan (2012, pp.613) asserted that in addition to the use of the three policies separately, some corporations combine two or all the three types. Discretionary access control (DAC) policies allow the IT experts to decide who and how the servers should be accessed (Khan 2012, pp.613). The primary concern of the workforce at Verdilan was that IT administrators were responsible for the approval of the requests to perform changes on the file servers. Such policies are beneficial in that administrators to have the liberty of deciding the activity on file servers. However, the loopholes in the use of the DAC policies might have resulted in the ransomware attack. Moreover, Khan (2012, pp.613) argued that the weakness of DAC is that the selected administrators can leak information that can cause cyber insecurity. The role-based access control policies are designed to only provide the files that suit the roles of the workforce as demonstrated in the table below.

Sample RBAC policy

Based to figure 1, the administrators analyse and categorise the users based on their role which defines the specific data types that they can access. The Verdilan Holdings\u2019 administrators can categorise the employees as either human resource, landscapers, IT experts, or financial analysts. Unlike the current common server that can be accessed by anyone, the RBAC would ensure that landscapers access the designs, financial analysis access commercial data, IT experts maintain full access and the human resource team only access information regarding the workforce. Lastly, mandatory access control policies allow the users to decide the data access and sharing model (Khan 2012, pp.613). The most appropriate policy type for the organisation would be the RBAC that has the ability to monitor access control since users use labels to access the data. The access to information should also be limited only to company devices and not personal telecommunication gadgets.

Network Security

According to Khan (2012, pp.614), ransomware threats can be significantly prevented through the use of a secure network that is immune to hacking and third-party manipulation. The recommended and most appropriate practice steps include the use of strong passwords that are changed regularly to reduce predictability and the ability to hack the system, provision of user accounts with RBAC, the use of dynamic blacklisting and email authentication systems, scheduled scanning of the database using antiviruses, and frequent upgrade of the operating systems. The rationale for having strong passwords is to limit the access to company files and to know the individuals who have gained access to the system at a specific time. Moreover, passwords provide a barrier for hackers who prefer insecure systems. Specific user accounts for employees would assist in the monitoring and evaluation of the system. Currently, the corporation has a free system that cannot monitor the workers that access it at specific times. Scheduled scanning and system upgrades are pivotal in the eradication of the existent malware and the interception of the operation of cyber attackers during their early stages.

Potential Security Threats

The potential security threats to the security of the company from the most to the least damaging vulnerabilities include malware spam, phishing, social engineering, spamming, and hacking. According to Krombholz et al. (2015, pp.113), cyber attackers are constantly changing their techniques to match the dynamic trends of cybersecurity. Phishing is an approach used by fraudsters to access vital data such as passwords and usernames for malicious reasons (Krombholz et al. 2015, pp.116). The password system might potentially be affected by this threat especially when the employees fail to receive basic cybersecurity education. Social engineering and scamming have similar magnitudes of effect on the system (Krombholz et al. 2015, pp.113). Spamming entails the spread of Trojan horses and computer viruses in a system while social security is the deception used by fraudsters to manipulate users to provide personal information (Krombholz et al. 2015, pp.116). The threat of malware spam is the greatest since it entails a combination of phishing and malicious email attachments that deceive company users and accesses all the confidential data. Lastly, Verdilan is susceptible to hacking whereby cyber attackers and business rivals would exploit the weakness of the current system and access vital data that they can use to their advantage.

The previous ransomware attack makes the company most vulnerable to malware spamming. Verdilan\u2019s key assets that are at risk of the potential threats include the landscape designs of Verdant Landscape Innovations, the current payment system, the old email servers and the sales and operations databases. The threat falls under the confidentiality category of the CIA triad as it would result in the unauthorised access of sensitive company and customer data. The main consequences of malware spamming include a denial of access attack, theft of designs, and total system infection that can lead to permanent data loss. Therefore, the proposed securities are to provide cybersecurity education and sensitization and develop a monitoring system for the database.

Identity and Authentication

Password strength is determined by two factors that include the length and complexity (Von Zezschwitz, De Luca, and Hussmann 2013, 461). The criticality of passwords in cybersecurity cannot be underestimated as they bar potential criminals from accessing websites or personal profiles. The complexity of the logins is determined by the combination of the characters the make the password. Length, in contrast, is the number of characters used as a login. The ideal password length is six to eight letters Von Zezschwitz, De Luca, and Hussmann 2013, 461). The recommendation for the new password policy would be to incorporate lowercase, symbols, numbers, and uppercase characters when developing passwords. Compliance would be achieved through frequent password changes and the use of a system that would provide random passwords for the employees. Weak passwords that can easily be predicted such as the use of consecutive or repeating characters must be avoided.

Cloud Services

Figure 2 (Asma, Chaurasia, and Mokhtar 2012, pp.143) indicates the primary cloud computing issues faced by companies and that might affect Verdilan Holdings.

Cloud computing issues (Asma, Chaurasia, and Mokhtar 2012, pp.143)

According to Asma, Chaurasia, and Mokhtar (2012, pp.143), security issues are the most challenging cloud computing threat. Security can be compromised through hacking or the injection of a malware in the system that would compromise its performance and integrity (Asma, Chaurasia, and Mokhtar 2012, pp.143). The second threat is performance-based while the third is availability. Poor performances of the cloud and unavailability during certain times affect the overall productivity of the workforce and the ability to meet consumer demands. Other concerns that are existent but might not affect the corporation include the difficulty of integration and customisation, increased costs, and few suppliers. The payment system should not be outsourced due to the sensitivity of payment issues in organisational management.

References

Asma, A., Chaurasia, M.A. and Mokhtar, H., (2012). Cloud Computing Security Issues. International Journal of Application or Innovation in Engineering & Management, 1(2), pp.141-147.

Khan, A.R., (2012). Access control in cloud computing environment. ARPN Journal of Engineering and Applied Sciences, 7(5), pp.613-615.

Krombholz, K., Hobel, H., Huber, M. and Weippl, E., (2015). Advanced social engineering attacks. Journal of Information Security and applications, 22, pp.113-122.

Richardson, R. and North, M., (2017). Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), pp.10-21.

Von Zezschwitz, E., De Luca, A. and Hussmann, H., (2013, September). Survival of the shortest: A retrospective analysis of influencing factors on password composition. In IFIP Conference on Human-Computer Interaction (pp. 460-467). Springer, Berlin, Heidelberg.