Types of cyber security threats and how to deal with them.

 

For this assignment, I have been tasked with being in the shoes of a CIO or IT supervisor of a company, and I have to identify 5 sources/types of potential digital threats to the organization; identify at least 5 digital processes, systems, and/or functions your company has in place; and to make a strategy (5 recommendations) for the company to adopt in order to be more safe.

 

The 5 sources/types of digital threats:

 

1. Trojans: trojans are a type of malicious code that poses as a safe program in a download. These can look like a normal file or program (e.g. games, word documents, etc). When downloaded these programs can take control of the person’s device, and can spread itself to different contacts on the person’s computer.

 

1. Ransomware: Ransomware is when a person or organization is denied access to their systems or data due to encryptions. It is usually installed through a malicious email with it as an attachment which is opened and downloaded. Attackers will usually demand a ramson be paid in order for a decryption key to be provided to restore access. However, there is no guarantee that they will give a key or that the key will work.

 

1. Spyware: Spyware is a type of malware that is downloaded to a person’s computer without their knowledge and gains access to a person’s data, including sensitive information like passwords and payment details.

 

1. DDoS: A Distributed denial of service (DDoS) attack is when a person hacks someone’s computer and installs malware allowing the attacker to remotely control the system. These devices are called bots or zombies in order to get personal information out of it, they then can release it to the public. A DDoS attack can also be used as a means of disruption of a targeted sever by overwhelming the server resulting in limiting normal traftie

 

1. Crypto-jacking: crypto-jacking is a malicious download that installs software to a person’s computer. Once installed, the program uses the computer resources to mine cryptocurrency on said person’s computer.

 

The 5 types of digital processes that are in place (how they can be exploited):

 

1. Anti-virus: a good anti-virus can easily block or delete malicious programs and files off of a hard drive or a database. A problem with anti-virus is that some files can bypass it and sometimes the anti-virus can detect safe files as potential viruses.

 

1. Backup servers: backup servers are used to collect backup data in case of a ransomware attack. They manage and store files and data allowing data to be restored if needed. One downside to backup servers is that they are expensive to run and manage since they are just like any server. Also, they can be hacked and held for ransom just like a regular server.

 

1. Block unsafe sites: Administrators can block known sites that are not safe for employees to go to. A downside is that it does not work for customers. Also, unknown sites which are not safe will not be blocked.

 

1.  Block unknown software: restrictions can be used to stop access to downloading any unknown software. This will stop malicious software and programs from getting company and customer data, the downside to this is that safe programs could be blocked as well.

 

1. Keep all of our software up to date: this ensures that software will be running at its full potential and at optimal speed. This will keep the systems running safely, blocking the newest threats. The downside would be that more recent software can cost a significant amount of money.

 

My 5 recommendations:

 

1. Invest in a DDoS protection program: one way to protect against DDoS attacks on the company is by investing in a trusted DDoS protection company with a reliable DDoS protection program. A good protection program will provide routine updates to look for newer threats as well as established attacks.

 

1. Make sure the anti-virus software is trusted: some anti-virus software should not always be trusted or is effective. To make sure that we get the best out of an anti-virus we should. Purchase a reliable and trusted software which gives frequent updates.

 

1. Check ads on our site: by checking all the ads that go through the site we can block ones that look like scams.

 

1. Check firewall month: by checking on our firewall monthly we are able to block any suspicious programs. Routine maintenance and inspection allows for the firewall to remain effective

Not allow attachments from outside the company: all attachments must be quarantined and reviewed to ensure that they do not contain malicious materials.