Saturday, December 7, 2019
Cyber Threat Assessment for Emirates Online â⬠Free Samples
Question: Discuss about the Cyber Threat Assessment for Emirates Online. Answer: Introduction Cyber attacks and cyber threats are possibly the most pressing issue that has concerned the cyber-law enforcement agencies around the globe for past few years. Reports of cyber attacks have continued to occupy the headlines of every newspaper worldwide. The cyber law-breakers are always coming up with innovative methods and technologies to cause havoc in the cyber world and keep busy the guardians of cyber security (Singer and Friedman 2014). The agencies that are responsible for the protection of the cyber world are always involved in developing new strategies, methods and technologies to disrupt the actions of the cyber criminals. However, the cyber criminals seem to outdo the protectors every time at every instance (Robinson et al. 2013). This report serves the objective of informing Emirates Airlines regarding the cyber threats that are concerning the cyber vigilantes for the past two years. It also analyses and provides details on the impacts that such cyber threats may have on the organisation and its operations. Finally, the report provides suggestions on possible risk management measures that can be undertaken by the organisation to protect itself from such cyber assaults. Top Global Security Threats The past few years has seen an intense level of activity in cyber attacks around the globe that caused damage ranging from organisational to global. There has been an exponential growth in the frequency of cyber attacks lately. The attacks were carried out with different methods and technology that had different effects and results (Andress and Winterfeld 2013). The global law-enforcement organisations constantly analyse these attacks and compare their complexities with other types of attack. Based on the final report the most threatening attacks are identified every year. In 2015, the top 5 cyber security threats were identified to be ransomware, cyber risk related to the use of Internet of Things, Cyber espionage, Cyber theft, risks in BYOD (Choucri, Madnick and Ferwerda 2014). In 2016, the top 5 cyber threats were identified to be mobile payments and banking hacks, next-generation heartbleed, advanced phishing attacks, cyber election fraud and risks related to cyber insurance (Cho ucri, Madnick and Ferwerda 2014). In the year of 2017, the top five cyber threats has been identified as nation-state cyber attacks, ransomware attacks, distributed-denial-of-service attack, risks related to Internet of Things, Social Engineering and Human Error (Choucri, Madnick and Ferwerda 2014). Therefore, it is evident from the statement above that with the face of cyber threat changing rapidly each year, the list of top cyber threats is also inconsistent. However, some cyber threats are constantly bothering the cyber protectors for the last few years. The magnitude of impact of the cyber threats depend on the type of business it is affecting. In case of organisations dealing in airlines transport business such as the Emirates Airlines, certain cyber threats are identified that can cause the most damage to the business of the organisation. Five greatest cyber threats to organisations like Emirates are as given below. Ransomware Attack The most damage that can be caused to organisations like Emirates Airline is through coordinating a successful ransomware attack. A ransomware is a sort of malware that is designed specifically to prevent access of a user to a computer and demand ransoms in exchange of restoring the system to its previous state (Pathak and Nanded 2016). Most of the airline manufacturing organisations supply completely digitally equipped advanced airlines nowadays. Therefore, all of the airlines that are used by Emirates Airlines are digitally equipped that are used by the pilots to control the aircraft as well as establish contact with the Air Traffic Control (ATC) of the airfields (Brewer 2016). Now if a ransomware attack is coordinated on the organisation that prevents the pilots to communicate with the ATC while landing or taking off from the airfield or prevents them from controlling the aircraft, then the craft can suffer massive accident that can cause large amount of life loss as well as finan cial and reputational damage to the organisation. Risks due to Internet of Things The connectivity of all digital devices to the internet can sometimes prove to be fatal, especially in aviation industries. All the devices that are used in an aviation industry from the airlines to the offices of the organisation needs to stay connected with each other as communication is vital in an aviation business (Jing et al. 2014). In case a cyber attack is coordinated by releasing, a malware within the network to which all the devices are connected that disrupt the communication among the offices and the aircrafts; it can raise many issues from delay in services to compensating the affected passengers (Jing et al. 2014). Phishing Attacks A phishing attack is generally used to retrieve sensitive information from a system that can be used for the benefit of the attacker in another instance. A phishing attack coordinated on the data centres or systems of the organisation can retrieve sensitive official information that can fuel criminal activities at a later instance (Hong 2012). The data may contain details of the aircrafts that are presently used and their conditions and security features that can be used by terrorist or criminal organisations to conduct criminal activities such as hijacking the crafts. This can lead to huge financial loss to Emirates as well as may endanger the lives of many passengers (Hong 2012). DoS or DDoS attacks The purpose of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attack is to deny a user to use the network services by flooding the network with repeated requests and congesting the network traffic (Bhuyan et al. 2013). A DoS or DDoS attack can congest the network in which the organisation maintains communication among its other departments. As a result, the communication will be disrupted within the organisation, which may cause in several operational issues (Bhuyan et al. 2013). Cyber Espionage Cyber espionage is similar to the phishing attack as it also serves the purpose of illegally obtaining confidential information from organisations or governments by using the network (Lewis and Baker 2013). Such attacks can retrieve sensitive information of the organisation like the details of the employees working in the organisation and their bank account details, which can be used for causing potential damage to the organisation or its people in terms of finance and reputation. Methods of Mitigating the Threats To mitigate the threats mentioned above the organisation needs to make certain reforms to the current IT infrastructure as well as implement some new methods and technologies for the same purpose. Initially, the organisation need to use updated systems with latest operating system and software that has lesser amount of bugs that can be exploited by malwares like ransomware to breach the system and take control of the same (Hua and Bapna 2012). The devices that are connected to a network need to have sophisticated security tools implemented so that it becomes difficult for the hackers to gain entry to the devices easily. This will mitigate the risks related to internet of things (Lewis and Baker 2013). The network to which the systems are connected in the organisation needs to have strong firewall incorporated, which will scan and detect any malicious package within the network and prevent it from entering any system. This will prevent attacks like phishing and cyber espionage. The Emirates can consider purchasing an enormous amount of bandwidth in the network of the organisation, which will reduce the possibility of DoS or DDoS attacks (Bhuyan et al. 2013). This is because, the more bandwidth the organisation have the more difficult it will become for the attacker to congest all the network traffic at the same time. In addition to this, the organisation can implement certain software services that provide products that can detect DoS and DDoS attacks. The Emirates can recruit third-party service providers who provide application suites that help in providing complete risk management solutions along with detailed information on the types of threats that can affect the organisation and their impact on the same (Hong 2012). Finally, the organisation needs to train its employees with proper knowledge of identifying the threats and what steps should be taken at the event of a cyber attack (Hua and Bapna 2012). Employee awareness is vital to fighting the threats to cyber security in any organisation. Sometimes, an attempt of cyber attack can be prevented by the timely action taken by an employee who is well informed about the mode of the attack and its preventive measures. Suggestions to Secure the Information Assets of Emirates The Emirates is an aviation industry that stores sensitive business information, which if exposed to cyber attackers, can cause great financial and reputational damage to the organisation. Some information can also fuel future criminal activities. That is why; the protection of the information assets of the company is of utmost priority for safeguarding the interest of the same. Some measures can be taken to ensure the security of the information assets as provided below: Primarily, the data that are stored in the local systems of the organisation need to be protected with digital authentication methods such as with passwords and digital signatures so that the data cannot be retrieved physically in absence of the legitimate user of the system (Peltier 2013). The systems should also be equipped with latest and upgraded security software so that the data cannot be collected remotely. The network must have strong firewall for the same reason (Andress and Winterfeld 2013). Finally, the organisation must avail the services of a trusted cloud service provider to store the data at remote logical storage systems that has advanced cyber defence measures. Cloud storage is one of the most reliable methods of storing sensitive data without running the risk of it being stolen, provided the service provider is legitimate (Pathak and Nanded 2016). The data stored in cloud storage systems are protected with advanced and updated security software and the network through which the data is transferred to the cloud is encrypted with latest encryption technology. Moreover, multiple backups of the data are created and stored in various remote locations, which makes loss of data almost impossible. Conclusion The report reaches the conclusion that an aviation company like the Emirates needs to defend their hard-earned reputation heavily from the cyber attackers whose actions can affect it severely. To do so, the organisation needs to make certain changes as well as undertake certain new measures to fight the threats to cyber security. References Andress, J. and Winterfeld, S., 2013. Cyber warfare: techniques, tactics and tools for security practitioners. Elsevier. Bhuyan, M.H., Kashyap, H.J., Bhattacharyya, D.K. and Kalita, J.K., 2013. Detecting distributed denial of service attacks: methods, tools and future directions. The Computer Journal, 57(4), pp.537-556. Brewer, R., 2016. Ransomware attacks: detection, prevention and cure. Network Security, 2016(9), pp.5-9. Choucri, N., Madnick, S. and Ferwerda, J., 2014. Institutions for cyber security: International responses and global imperatives. Information Technology for Development, 20(2), pp.96-121. Hong, J., 2012. The state of phishing attacks. Communications of the ACM, 55(1), pp.74-81. Hua, J. and Bapna, S., 2012. How can we deter cyber terrorism?. Information Security Journal: A Global Perspective, 21(2), pp.102-114. Jing, Q., Vasilakos, A.V., Wan, J., Lu, J. and Qiu, D., 2014. Security of the internet of things: Perspectives and challenges. Wireless Networks, 20(8), pp.2481-2501. Lewis, J. and Baker, S., 2013. The economic impact of cybercrime and cyber espionage. McAfee. Pathak, D.P. and Nanded, Y.M., 2016. A dangerous trend of cybercrime: ransomware growing challenge. International Journal of Advanced Research in Computer Engineering Technology (IJARCET) Volume, 5. Peltier, T.R., 2013. Information security fundamentals. CRC Press. Robinson, N., Gribbon, L., Horvath, V. and Cox, K., 2013. Cyber-security threat characterisation. Singer, P.W. and Friedman, A., 2014. Cybersecurity: What Everyone Needs to Know. Oxford University Press.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.