Collaborative Learning Discussion 1: Summary Post
Discuss why Cyber Security is now a global issue and why it is important for companies to invest in Cyber Security.
An organisation that becomes a global leader and investor in cybersecurity gains a competitive edge, since resilience to cyber-attacks is economically beneficial. The Economic Impact of Cybercrime global report finds that the annual global cost of cybercrime could reach approximately $600 billion (Lewis, 2018).
Threat profiling in "the gray zone", where the violation of public-private, foreign or domestic legal boundaries is not apparent, is a challenge (Sheppard & Conklin, 2019). Since 19 May 2022, US "white hat hackers" who access a computer for "good faith security research" no longer face prosecution, although the interpretation of "good faith" is criticised as subjective and "ambiguous" (Coker, 2022; Department of Justice, 2022).
In worm attacks, data encrypted by malicious actors may be unrecoverable even if the ransom has been paid. In 2017, the WannaCry worm exploited the EternalBlue vulnerability; it disrupted car production at Renault-Nissan, a multinational company, and left many of Britain's National Health Service emergency services non-operational until a "kill switch" was found (Anderson, 2020). The downtime of critical services has a devastating impact on a company's reputation and its stakeholders' trust, especially where "functional safety systems such as Schneider electric products" are involved, as noted by James Hines (2022). The time impact is greatest for large companies, owing to the extra capacity needed to make up for lost productivity and to handle the breaches (Cyber Security Breaches Survey, 2019).
Security awareness and education are essential. The least careful member of staff with privileged access determines how secure an organisation is (VanSyckel, 2018). As Laura Saxton (2022) noted, companies may not prioritise a "proactive" security incident response policy over "a reactive one". Threat actors are less likely to attack a target that is expensive to compromise (Borg, 2018). Establishing defensive strategies, together with an incident recovery process to mitigate and isolate threats, and performing regular backups are highly recommended industry practices. Keeping software systems up to date with the latest security releases and patches minimises exposure to known vulnerabilities and saves hidden long-term costs (Anderson, 2020).
References
Anderson, R. (2020) Security Engineering: A Guide to Building Dependable Distributed Systems. 3rd ed. Indiana: Wiley & Sons.
Borg, S. (2018) Seven Overlapping Theses on Cyber-Security Education. In: New Approaches to Cybersecurity Education (NACE) Workshop. [online] pp.1-6. Available at: [Accessed 4 July 2022].
Coker, J. (2022) DOJ: White hat hackers will no longer face prosecution. Available from: https://www.infosecurity-magazine.com/news/doj-white-hat-hackers-prosecution/ [Accessed 4 July 2022].
Department for Digital, Culture, Media and Sport (2019) Cyber Security Breaches Survey.
Department of Justice (2022) Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act. U.S. Department of Justice.
Hines, J. (2022) Peer Response -- James Hines. [Blog] Initial Post -- Xue Ling Teh, Available from: https://www.my-course.co.uk/mod/forum/discuss.php?d=112685#p153416 [Accessed 4 July 2022].
Lewis, J. (2018) Economic Impact of Cybercrime – No Slowing Down. Center for Strategic and International Studies (CSIS) & McAfee, p.6. Available from: https://csis-website-prod.s3.amazonaws.com/s3fs-public/publication/economic-impact-cybercrime.pdf [Accessed 29 June 2022].
Saxton, L. (2022) Peer Response -- Laura Saxton. [Blog] Initial Post -- Xue Ling Teh, Available from: https://www.my-course.co.uk/mod/forum/discuss.php?d=112685#p152687 [Accessed 3 July 2022].
Sheppard, L. & Conklin, M. (2019) Warning for the Gray Zone. By Other Means Part II: Adapting to Compete in the Gray Zone. [online] Center for Strategic and International Studies (CSIS). Available from: https://www.csis.org/analysis/warning-gray-zone [Accessed 4 July 2022].
VanSyckel, L. (2018) Introducing Cybersecurity. Sealevel Systems, Inc.
Collaborative Learning Discussion 2: Summary Post
Identify and discuss two security technologies and the context in which they can be employed.
Introduction
Unprotected networks are easy targets that are vulnerable to threats. Multilayered network security, such as early detection via an Intrusion Detection System (IDS), is crucial in protecting systems and environments from threats at different levels. Furthermore, establishing a Security Information and Event Management (SIEM) solution to handle unforeseen incidents mitigates the consequences of a potential breach.
Intrusion Detection System (IDS)
The goal of an IDS is to detect malicious network activity through misuse or anomalies. Two approaches to IDS are signature-based and anomaly-based detection (Hines, 2022). Antivirus software, a widely marketed IDS solution, scans for indicators of compromise (IoC) from virus data patterns or signatures (Anderson, 2020). An IDS is applicable in security operations: monitoring traffic origins, access and system logs, and detecting changes or deviations in the data (outliers and anomalies) that are flagged as suspicious activity.
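The following is an added example, not code from the original post, showing the two IDS approaches side by side on constructed request records: a signature (misuse) check that matches known-bad patterns in the request path, and an anomaly check that learns a mean and standard deviation of response sizes from a benign baseline window and flags a z-score above a threshold. The record fields, the two signatures, the baseline values and the threshold of 3.0 are all assumptions chosen for the illustration.

```python
"""Toy IDS: signature-based plus anomaly-based detection (added example)."""
import re
import statistics

# Constructed baseline of benign requests (the "training window"); not real traffic.
BASELINE = [
    {"src": "10.0.0.5", "path": "/index.html", "bytes": 500},
    {"src": "10.0.0.6", "path": "/about", "bytes": 520},
    {"src": "10.0.0.5", "path": "/login", "bytes": 480},
    {"src": "10.0.0.7", "path": "/index.html", "bytes": 510},
    {"src": "10.0.0.6", "path": "/img/logo.png", "bytes": 490},
    {"src": "10.0.0.5", "path": "/about", "bytes": 505},
    {"src": "10.0.0.7", "path": "/contact", "bytes": 495},
]

# Constructed records to inspect: two carry known-bad patterns, one is a size outlier.
INCOMING = [
    {"src": "10.0.0.5", "path": "/index.html", "bytes": 505},
    {"src": "10.0.0.9", "path": "/../../etc/passwd", "bytes": 530},
    {"src": "10.0.0.9", "path": "/search?q=1' OR 1=1--", "bytes": 515},
    {"src": "10.0.0.8", "path": "/export", "bytes": 90000},
]

# Signature rules: hypothetical patterns standing in for a real signature database.
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./"),
    "sqli_probe": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
}


def signature_hits(record):
    """Misuse detection: names of every signature the request path matches."""
    return [name for name, rx in SIGNATURES.items() if rx.search(record["path"])]


class ByteAnomalyDetector:
    """Anomaly detection: z-score of a numeric field against a benign baseline."""

    def __init__(self, baseline, field="bytes", threshold=3.0):
        values = [r[field] for r in baseline]
        self.field = field
        self.threshold = threshold
        self.mean = statistics.fmean(values)
        # A flat baseline would give std 0; fall back to 1.0 to avoid division by zero.
        self.std = statistics.pstdev(values) or 1.0

    def zscore(self, record):
        return (record[self.field] - self.mean) / self.std

    def is_anomalous(self, record):
        return abs(self.zscore(record)) > self.threshold


def inspect(records, detector):
    """Run both approaches; return (index, source, reasons) for each flagged record."""
    findings = []
    for i, rec in enumerate(records):
        reasons = [f"signature:{name}" for name in signature_hits(rec)]
        if detector.is_anomalous(rec):
            reasons.append(f"anomaly:z={detector.zscore(rec):.1f}")
        if reasons:
            findings.append((i, rec["src"], reasons))
    return findings


if __name__ == "__main__":
    det = ByteAnomalyDetector(BASELINE)
    for index, src, reasons in inspect(INCOMING, det):
        print(f"record {index} from {src}: {', '.join(reasons)}")
```

Note how the two approaches complement each other: the traversal and injection probes are normal in size, so only the signature check catches them, while the oversized export matches no signature and is caught only by the baseline deviation. A signature-only IDS misses the novel case and an anomaly-only IDS misses the well-known ones.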
Security Information and Event Management (SIEM)
The SIEM is a centralised platform derived from the concepts of Security Information Management (SIM) and Security Event Management (SEM) (Esseghir et al., 2022). The SIEM gathers real-time events from a variety of sensors, including captured session packets from malicious connections and events retained for network forensics (González-Granadillo et al., 2021). Given a set of rules, the SIEM parses, groups and synthesises the signals into meaningful insights for further analysis by the security operations team, especially during security incidents.
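The following is an added example, not code from the original post or from either cited paper, of the parse, group and synthesise pipeline described above: raw lines from two differently formatted sensors (an authentication log and a firewall log, both constructed here) are normalised into one event schema, grouped by source address, and run through two correlation rules; when more than one rule fires for the same source, the alerts are escalated, which is the cross-sensor synthesis a SIEM adds over a single IDS. The line formats, the 60-second window, the rule thresholds and the year prefixed to the syslog timestamps are all assumptions.

```python
"""Toy SIEM correlation engine: normalise, group, correlate, escalate (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw lines from two sensors with different formats; not real logs.
RAW_EVENTS = [
    "2022-08-01T10:00:01Z auth host=web1 user=alice src=10.0.0.9 result=FAIL",
    "2022-08-01T10:00:05Z auth host=web1 user=alice src=10.0.0.9 result=FAIL",
    "2022-08-01T10:00:09Z auth host=web1 user=alice src=10.0.0.9 result=FAIL",
    "2022-08-01T10:00:12Z auth host=web1 user=alice src=10.0.0.9 result=OK",
    "2022-08-01T10:00:30Z auth host=web1 user=bob src=10.0.0.5 result=FAIL",
    "2022-08-01T10:01:00Z auth host=web1 user=bob src=10.0.0.5 result=OK",
    "<134>Aug  1 10:00:14 fw1 kernel: DROP IN=eth0 SRC=10.0.0.9 DST=10.0.1.2 PROTO=TCP DPT=445",
    "<134>Aug  1 10:00:15 fw1 kernel: DROP IN=eth0 SRC=10.0.0.9 DST=10.0.1.3 PROTO=TCP DPT=445",
]

AUTH_RX = re.compile(r"^(?P<ts>\S+) auth host=(?P<host>\S+) user=(?P<user>\S+) "
                     r"src=(?P<src>\S+) result=(?P<result>\S+)$")
FW_RX = re.compile(r"^<\d+>(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
                   r"(?P<action>\w+) .*SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=\S+ DPT=(?P<dpt>\d+)")
WINDOW = timedelta(seconds=60)  # assumed correlation window


def normalise(line):
    """Parse one sensor line into the common schema, or None if the format is unknown."""
    m = AUTH_RX.match(line)
    if m:
        return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), "sensor": "auth",
                "src": m["src"], "kind": "auth_fail" if m["result"] == "FAIL" else "auth_ok",
                "detail": {"user": m["user"], "host": m["host"]}}
    m = FW_RX.match(line)
    if m:
        # Classic syslog timestamps carry no year; 2022 is assumed for this constructed data.
        ts = datetime.strptime("2022 " + " ".join(m["ts"].split()), "%Y %b %d %H:%M:%S")
        return {"ts": ts, "sensor": "firewall", "src": m["src"],
                "kind": "fw_" + m["action"].lower(), "detail": {"dst": m["dst"], "dpt": m["dpt"]}}
    return None  # a real SIEM would route unparsed lines to a dead-letter queue


def rule_bruteforce_success(events, src, min_failures=3):
    """Fires when >= min_failures auth failures precede a success from one source within WINDOW."""
    seq = sorted((e for e in events if e["sensor"] == "auth"), key=lambda e: e["ts"])
    for ok in (e for e in seq if e["kind"] == "auth_ok"):
        fails = [e for e in seq
                 if e["kind"] == "auth_fail" and ok["ts"] - WINDOW <= e["ts"] < ok["ts"]]
        if len(fails) >= min_failures:
            return {"rule": "bruteforce_then_success", "src": src, "severity": "high",
                    "evidence": len(fails)}
    return None


def rule_port_probe(events, src, min_targets=2):
    """Fires when drops from one source hit >= min_targets distinct hosts on one port within WINDOW."""
    drops = sorted((e for e in events if e["kind"] == "fw_drop"), key=lambda e: e["ts"])
    for i, first in enumerate(drops):
        targets = {e["detail"]["dst"] for e in drops[i:]
                   if e["ts"] - first["ts"] <= WINDOW and e["detail"]["dpt"] == first["detail"]["dpt"]}
        if len(targets) >= min_targets:
            return {"rule": "port_probe", "src": src, "severity": "medium",
                    "evidence": sorted(targets)}
    return None


RULES = [rule_bruteforce_success, rule_port_probe]


def correlate(raw_lines):
    """Parse every line, group events by source, run each rule, and escalate when
    more than one rule fires for the same source (the cross-sensor synthesis)."""
    events = [e for e in map(normalise, raw_lines) if e is not None]
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        fired = [a for a in (rule(evs, src) for rule in RULES) if a is not None]
        if len(fired) > 1:
            for a in fired:
                a["severity"] = "critical"
        alerts.extend(fired)
    return alerts


if __name__ == "__main__":
    for alert in correlate(RAW_EVENTS):
        print(alert)
```

Neither sensor on its own tells the whole story: the authentication log shows a successful login after repeated failures, and the firewall log shows the same address being blocked while reaching for port 445 on several hosts. Only after both are normalised into one schema and grouped by source can the engine raise the combined picture to critical, which is the insight an analyst wants surfaced during an incident rather than reconstructed by hand.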
Conclusion
Using an IDS to detect anomalies in network traffic in combination with a SIEM to respond to the resulting alerts is key to protecting and securing networks and systems, which is my affirmative response to Laura Saxton's (2022) question of whether both should be used in tandem. A distinguishing factor in managing security incidents effectively is the adaptability of existing security solutions to different industrial use cases.
References
Anderson, R. (2020) Security Engineering: A Guide to Building Dependable Distributed Systems. 3rd ed. Indiana: Wiley & Sons.
Esseghir, A., Kamoun, F. & Hraiech, O. (2022) AKER: An open-source security platform integrating IDS and SIEM functions with encrypted traffic analytic capability. *Journal of cyber security technology* 6(1-2): 1-38. DOI: https://doi.org/10.1080/23742917.2022.2058836
González-Granadillo, G., González-Zarzosa, S. & Diaz, R. (2021) Security information and event management (SIEM): analysis, trends, and usage in critical infrastructures. *Sensors* 21(14): 4759. DOI: https://doi.org/10.3390/s21144759
Hines, J. (2022) Peer Response -- James Hines. [Blog] Initial Post -- Xue Ling Teh, Available from: https://www.my-course.co.uk/mod/forum/discuss.php?d=115360#p155951 [Accessed 6 August 2022].
Saxton, L. (2022) Peer Response -- Laura Saxton. [Blog] Initial Post -- Xue Ling Teh, Available from: https://www.my-course.co.uk/mod/forum/discuss.php?d=115360#p155636 [Accessed 6 August 2022].