Information security (IS) is an essential aspect of any organization that relies on information technology for its day-to-day operations. IS involves protecting data and infrastructure in the information world (Barlow, 2015). The amount of security needed depends largely on the firm’s size and on the volume and type of data it processes. The available financial resources are another factor that determines the scope of the security program. Thus, implementing several layers of security is vital for an enterprise’s success in keeping its information safe.
More often than not, an organization has to start by addressing physical security: for instance, ensuring that the workforce uses badges and biometric scanners to enter specific areas of the building, and installing servers behind locked doors. The scope of information security is broad, and a threat can originate from the largest or the smallest component (Barlow, 2015), ranging from individual processing chips to thousands of advanced persistent threats (APTs), any of which can attack an organization’s information system. Because of the intricacy involved in creating a safe information environment, a structured approach to its development is necessary.
Anatomy of a Cyber Attack
The first step to understanding how a cyber-attack works is to comprehend the vulnerabilities and the methods used to perform it. A cyber-attack involves five phases: reconnaissance, enumeration, penetration, exfiltration and sanitising. According to Pfleeger (2010), reconnaissance, or scanning, is the first stage, where hackers seek to establish the IP addresses, the network range, or network weaknesses. They identify servers, firewalls, and any internet-facing router and mark them for future scanning and penetration. This phase is considered the longest, since hackers take days, weeks or even months to complete it properly. Enumeration follows; here attackers use techniques such as port-scanning to build on the intelligence collected during the first phase. Barlow (2015) argues that, at this level, they aim to identify sensitive components and detect the vulnerabilities of each. This later allows them to select the methods and attack strategies to apply during the penetration phase.
In the penetration, intrusion, or exploitation phase, attackers act once they have identified enough angles to achieve their goals. Generally, hackers will escalate the privileges of the account they have compromised so that it provides administrator-level access (Koerner, 2016). Once they gain access, they begin exfiltration. If they intend to gain financially, invaders will pull passwords, credentials or security codes that can be sold to others in the dark web’s black markets (Koerner, 2016). Hackers can also steal intellectual property or sensitive personal data; a good example is the 2015 attack on the Personnel Management Office (Koerner, 2016). Usually, these hackers will then clear any information that reveals their activities from the targeted systems and install malware that allows them future entry to the site without raising suspicion.
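The enumeration phase above is the one a defender can usually see first, because port-scanning leaves a trail in firewall logs. The following added example (not from any of the cited sources) runs a sliding-window port-scan detector over a constructed, simplified deny-log format of `<epoch> <src_ip> <dst_ip> <dst_port> <action>`; the window size and port threshold are assumptions a practitioner would tune for their own environment.

```python
"""Flag sources that touch many distinct ports on one host in a short window.

Added example; the log format below is constructed and simplified.
"""
from collections import defaultdict

# Constructed sample: 203.0.113.7 probes ten ports in ten seconds;
# 198.51.100.4 makes ordinary web requests spread over several minutes.
SAMPLE_LOG = """\
1700000000 203.0.113.7 192.0.2.10 22 DENY
1700000001 203.0.113.7 192.0.2.10 23 DENY
1700000002 203.0.113.7 192.0.2.10 25 DENY
1700000003 203.0.113.7 192.0.2.10 80 ALLOW
1700000004 203.0.113.7 192.0.2.10 110 DENY
1700000005 203.0.113.7 192.0.2.10 143 DENY
1700000006 203.0.113.7 192.0.2.10 443 ALLOW
1700000007 203.0.113.7 192.0.2.10 445 DENY
1700000008 203.0.113.7 192.0.2.10 3389 DENY
1700000009 203.0.113.7 192.0.2.10 8080 DENY
1700000010 198.51.100.4 192.0.2.10 443 ALLOW
1700000011 198.51.100.4 192.0.2.10 443 ALLOW
1700000200 198.51.100.4 192.0.2.10 80 ALLOW
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, port, action)."""
    ts, src, dst, port, action = line.split()
    return int(ts), src, dst, int(port), action


def detect_port_scans(log_text, window_seconds=60, min_ports=8):
    """Return {(src, dst): ports} for every source/destination pair that hits
    at least min_ports distinct ports within any window of window_seconds.
    Thresholds are assumptions; tune them to the monitored network."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...]
    for line in log_text.strip().splitlines():
        ts, src, dst, port, _action = parse_line(line)
        events[(src, dst)].append((ts, port))
    alerts = {}
    for pair, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans <= window_seconds.
            while evs[end][0] - evs[start][0] > window_seconds:
                start += 1
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= min_ports:
                alerts.setdefault(pair, set()).update(ports)
    return alerts
```

Both ALLOW and DENY entries count, since a scanner that finds open ports produces allowed connections too; the normal client never exceeds the threshold.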
When assessing information vulnerabilities, it is essential to remember that data exists in three different states: processing, storage and transmission (Chapple, 2014). Therefore, maintaining the security of data is vital regardless of whether it is being conveyed over a network, stored on a file server or processed on a computer. However, it is challenging to protect data while it is being processed, since it can be manipulated in many ways and is accessed by multiple users working from different locations simultaneously. Additionally, the vulnerability of data increases when it is transferred over external networks or a LAN (Broadcom, n.d.). Finally, the most critical component of security is assessing the vulnerability of data on servers and end-user devices, since it can remain there for an extended period.
Moreover, network configurations, software and hardware can contain vulnerabilities. According to Soper (2017), vulnerabilities are commonly found in software, and in most cases attackers use malware to exploit their targets. According to Firch (2020), 2018 alone saw over 812 million reported infection cases. Malware includes keyloggers, logic bombs, spyware, worms, viruses, Trojans, botnets and ransomware, among others. Soper (2010) defined a worm “as a processor program that runs alone and can change how it works when transferred to another host’s network”. Thus, it causes more destruction than simply moving from one system to another.
Additionally, malware can be designed to attack many vulnerabilities and compromise several areas of the system after infecting its first host. Ransomware is another type, which operates by encrypting hard drives and denying users access to their information until they part with a ransom (Deere, 2018). Typically, it infects a system after users are directed to nefarious links or infected websites. A classic example is the 2018 cyber-attack on the city of Atlanta’s government systems (Deere, 2018), in which hackers working remotely forcibly introduced the SamSam ransomware into the city’s systems.
Network exploitations involve social engineering, misconfigured operating systems or firewalls, and a variety of malware. Typically, social engineering attackers push users to provide personal information to malicious individuals via phishing emails that resemble those from genuine business users. In most cases, social engineering tricks unwary clients into clicking links that can transfer malware to their systems (Firch, 2020). Vishing is another method, where phishing occurs over phone lines. Attackers gain access through Voice over IP (VoIP) tools and hack auto-dialling features, which then send spoofed calls to targeted individuals.
Unpatched or outdated software running on a firewall or server creates network vulnerabilities that hackers can easily exploit. It is essential to ensure proper port security to protect the network from outsiders. Finally, in 2019 organizations reported a 78 percent rise in hardware attacks (Sobers, 2020). These are a form of supply chain infiltration in which suppliers of manufacturers insert compromised chips with the intention of accessing the system through its firmware.
Despite cyberspace having many threats, not all originate from malicious people. Risks arising from equipment failures, power supply problems, or faulty electronic components can crash the system as well. They are classified as intermittent or permanent failures and should be expected to happen at any time. According to Soper (2017), a strategy needs to be in place to minimize the risks should they occur. A combination of hardware and software technologies can be used to protect data in its three states; if implemented, they provide the best answer for alleviating information risks in any organization.
When dealing with a new organization, a cybersecurity professional should first identify vulnerabilities in its networks or computer systems. Individuals can struggle to safeguard data completely on their own owing to its complex nature. Therefore, it is vital to draw on teams whose members have different skill sets, navigating the process according to their expertise. A group with a multitude of competencies can build a strong defense against any hacking.
Barlow, B. (2015). Anatomy of a cyberattack. Web.
Broadcom. (n.d.). 2019 Internet security threat report (ISTR). Web.
Chapple, M. (2014). Access control, authentication, and public key infrastructure. Burlington, MA: Jones and Bartlett Publishers, Inc.
Deere, S. (2018). Atlanta officials warn cyber-attack may compromise sensitive data. Web.
Firch, J. (2020). What are the common types of network vulnerabilities? Web.
Koerner, B. (2016). Inside the cyberattack that shocked the US Government. Web.
Pfleeger, S. (2010). Anatomy of an intrusion. IT Professional, 12(4), 20-28.
Sobers, R. (2020). 110 must-know cybersecurity statistics for 2020. Varonis. Web.
Soper, D. (2017). Information privacy and security. Security lesson #4: malicious code – malware. Web.